saafsaf

a guest
Nov 18th, 2019
  1. [+] URL: http://gebe-montagebau.de/wp/
  2. [+] Started: Mon Nov 18 23:25:20 2019
  3.  
  4. Interesting Finding(s):
  5.  
  6. [+] http://gebe-montagebau.de/wp/
  7. | Interesting Entry: Server: Apache
  8. | Found By: Headers (Passive Detection)
  9. | Confidence: 100%
  10.  
  11. [+] http://gebe-montagebau.de/wp/xmlrpc.php
  12. | Found By: Link Tag (Passive Detection)
  13. | Confidence: 100%
  14. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  15. | References:
  16. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  17. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
  18. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
  19. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
  20. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
  21.  
  22. [+] http://gebe-montagebau.de/wp/readme.html
  23. | Found By: Direct Access (Aggressive Detection)
  24. | Confidence: 100%
  25.  
  26. [+] http://gebe-montagebau.de/wp/wp-cron.php
  27. | Found By: Direct Access (Aggressive Detection)
  28. | Confidence: 60%
  29. | References:
  30. | - https://www.iplocation.net/defend-wordpress-from-ddos
  31. | - https://github.com/wpscanteam/wpscan/issues/1299
  32.  
  33. [+] WordPress version 4.8.1 identified (Insecure, released on 2017-08-02).
  34. | Detected By: Rss Generator (Passive Detection)
  35. | - http://gebe-montagebau.de/wp/?feed=rss2, <generator>https://wordpress.org/?v=4.8.1</generator>
  36. | - http://gebe-montagebau.de/wp/?feed=comments-rss2, <generator>https://wordpress.org/?v=4.8.1</generator>
  37. |
  38. | [!] 34 vulnerabilities identified:
  39. |
  40. | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
  41. | Fixed in: 4.8.2
  42. | References:
  43. | - https://wpvulndb.com/vulnerabilities/8905
  44. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723
  45. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  46. | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
  47. | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
  48. |
  49. | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
  50. | Fixed in: 4.8.2
  51. | References:
  52. | - https://wpvulndb.com/vulnerabilities/8910
  53. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
  54. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  55. | - https://core.trac.wordpress.org/changeset/41398
  56. |
  57. | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
  58. | Fixed in: 4.8.2
  59. | References:
  60. | - https://wpvulndb.com/vulnerabilities/8911
  61. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
  62. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  63. | - https://core.trac.wordpress.org/changeset/41457
  64. |
  65. | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
  66. | Fixed in: 4.8.2
  67. | References:
  68. | - https://wpvulndb.com/vulnerabilities/8912
  69. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
  70. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  71. | - https://core.trac.wordpress.org/changeset/41397
  72. |
  73. | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
  74. | Fixed in: 4.8.2
  75. | References:
  76. | - https://wpvulndb.com/vulnerabilities/8913
  77. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
  78. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  79. | - https://core.trac.wordpress.org/changeset/41448
  80. |
  81. | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
  82. | Fixed in: 4.8.2
  83. | References:
  84. | - https://wpvulndb.com/vulnerabilities/8914
  85. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
  86. | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
  87. | - https://core.trac.wordpress.org/changeset/41395
  88. | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
  89. |
  90. | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
  91. | References:
  92. | - https://wpvulndb.com/vulnerabilities/8807
  93. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
  94. | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
  95. | - https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
  96. | - https://core.trac.wordpress.org/ticket/25239
  97. |
  98. | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
  99. | Fixed in: 4.8.3
  100. | References:
  101. | - https://wpvulndb.com/vulnerabilities/8941
  102. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
  103. | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
  104. | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
  105. | - https://twitter.com/ircmaxell/status/923662170092638208
  106. | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
  107. |
  108. | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
  109. | Fixed in: 4.8.4
  110. | References:
  111. | - https://wpvulndb.com/vulnerabilities/8966
  112. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
  113. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  114. | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
  115. |
  116. | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
  117. | Fixed in: 4.8.4
  118. | References:
  119. | - https://wpvulndb.com/vulnerabilities/8967
  120. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
  121. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  122. | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
  123. |
  124. | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
  125. | Fixed in: 4.8.4
  126. | References:
  127. | - https://wpvulndb.com/vulnerabilities/8968
  128. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
  129. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  130. | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
  131. |
  132. | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
  133. | Fixed in: 4.8.4
  134. | References:
  135. | - https://wpvulndb.com/vulnerabilities/8969
  136. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
  137. | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
  138. | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
  139. |
  140. | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
  141. | Fixed in: 4.8.5
  142. | References:
  143. | - https://wpvulndb.com/vulnerabilities/9006
  144. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
  145. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9263
  146. | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
  147. | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
  148. | - https://core.trac.wordpress.org/ticket/42720
  149. |
  150. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  151. | References:
  152. | - https://wpvulndb.com/vulnerabilities/9021
  153. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  154. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  155. | - https://github.com/quitten/doser.py
  156. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  157. |
  158. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  159. | Fixed in: 4.8.6
  160. | References:
  161. | - https://wpvulndb.com/vulnerabilities/9053
  162. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  163. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  164. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  165. |
  166. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  167. | Fixed in: 4.8.6
  168. | References:
  169. | - https://wpvulndb.com/vulnerabilities/9054
  170. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  171. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  172. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  173. |
  174. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  175. | Fixed in: 4.8.6
  176. | References:
  177. | - https://wpvulndb.com/vulnerabilities/9055
  178. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  179. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  180. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  181. |
  182. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  183. | Fixed in: 4.8.7
  184. | References:
  185. | - https://wpvulndb.com/vulnerabilities/9100
  186. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  187. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  188. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  189. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  190. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  191. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  192. |
  193. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  194. | Fixed in: 4.8.8
  195. | References:
  196. | - https://wpvulndb.com/vulnerabilities/9169
  197. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  198. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  199. |
  200. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  201. | Fixed in: 4.8.8
  202. | References:
  203. | - https://wpvulndb.com/vulnerabilities/9170
  204. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  205. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  206. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  207. |
  208. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  209. | Fixed in: 4.8.8
  210. | References:
  211. | - https://wpvulndb.com/vulnerabilities/9171
  212. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  213. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  214. |
  215. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  216. | Fixed in: 4.8.8
  217. | References:
  218. | - https://wpvulndb.com/vulnerabilities/9172
  219. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  220. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  221. |
  222. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  223. | Fixed in: 4.8.8
  224. | References:
  225. | - https://wpvulndb.com/vulnerabilities/9173
  226. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  227. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  228. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  229. |
  230. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  231. | Fixed in: 4.8.8
  232. | References:
  233. | - https://wpvulndb.com/vulnerabilities/9174
  234. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  235. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  236. |
  237. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  238. | Fixed in: 4.8.8
  239. | References:
  240. | - https://wpvulndb.com/vulnerabilities/9175
  241. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  242. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  243. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  244. |
  245. | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
  246. | Fixed in: 5.0.1
  247. | References:
  248. | - https://wpvulndb.com/vulnerabilities/9222
  249. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
  250. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
  251. | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
  252. | - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
  253. |
  254. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
  255. | Fixed in: 4.8.9
  256. | References:
  257. | - https://wpvulndb.com/vulnerabilities/9230
  258. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
  259. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
  260. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  261. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  262. |
  263. | [!] Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
  264. | Fixed in: 4.8.10
  265. | References:
  266. | - https://wpvulndb.com/vulnerabilities/9867
  267. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222
  268. | - https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
  269. | - https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
  270. | - https://hackerone.com/reports/339483
  271. |
  272. | [!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
  273. | Fixed in: 4.8.11
  274. | References:
  275. | - https://wpvulndb.com/vulnerabilities/9908
  276. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
  277. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  278. | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  279. |
  280. | [!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
  281. | Fixed in: 4.8.11
  282. | References:
  283. | - https://wpvulndb.com/vulnerabilities/9909
  284. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
  285. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  286. | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  287. | - https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
  288. | - https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
  289. |
  290. | [!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
  291. | Fixed in: 4.8.11
  292. | References:
  293. | - https://wpvulndb.com/vulnerabilities/9910
  294. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
  295. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  296. | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  297. |
  298. | [!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
  299. | Fixed in: 4.8.11
  300. | References:
  301. | - https://wpvulndb.com/vulnerabilities/9911
  302. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
  303. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  304. | - https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
  305. | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  306. |
  307. | [!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
  308. | Fixed in: 4.8.11
  309. | References:
  310. | - https://wpvulndb.com/vulnerabilities/9912
  311. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
  312. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
  313. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  314. | - https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
  315. | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  316. |
  317. | [!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
  318. | Fixed in: 4.8.11
  319. | References:
  320. | - https://wpvulndb.com/vulnerabilities/9913
  321. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
  322. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  323. | - https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
  324. | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  325.  
  326. [+] WordPress theme in use: spacious
  327. | Location: http://gebe-montagebau.de/wp/wp-content/themes/spacious/
  328. | Last Updated: 2019-08-27T00:00:00.000Z
  329. | Readme: http://gebe-montagebau.de/wp/wp-content/themes/spacious/readme.txt
  330. | [!] The version is out of date, the latest version is 1.6.6
  331. | Style URL: http://gebe-montagebau.de/wp/wp-content/themes/spacious/style.css?ver=4.8.1
  332. | Style Name: Spacious
  333. | Style URI: https://themegrill.com/themes/spacious
  334. | Description: Spacious is an incredibly spacious multipurpose responsive theme coded & designed with a lot of care...
  335. | Author: ThemeGrill
  336. | Author URI: https://themegrill.com
  337. |
  338. | Detected By: Css Style (Passive Detection)
  339. |
  340. | Version: 1.4.7 (80% confidence)
  341. | Detected By: Style (Passive Detection)
  342. | - http://gebe-montagebau.de/wp/wp-content/themes/spacious/style.css?ver=4.8.1, Match: 'Version: 1.4.7'
  343.  
  344. [+] Enumerating All Plugins (via Passive Methods)
  345. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  346.  
  347. [i] Plugin(s) Identified:
  348.  
  349. [+] gallery-by-supsystic
  350. | Location: http://gebe-montagebau.de/wp/wp-content/plugins/gallery-by-supsystic/
  351. | Last Updated: 2019-10-09T17:56:00.000Z
  352. | [!] The version is out of date, the latest version is 1.14.1
  353. |
  354. | Detected By: Urls In Homepage (Passive Detection)
  355. |
  356. | Version: 1.10.8 (80% confidence)
  357. | Detected By: Readme - Stable Tag (Aggressive Detection)
  358. | - http://gebe-montagebau.de/wp/wp-content/plugins/gallery-by-supsystic/readme.txt
  359.  
  360. [+] uk-cookie-consent
  361. | Location: http://gebe-montagebau.de/wp/wp-content/plugins/uk-cookie-consent/
  362. | Last Updated: 2019-10-31T13:38:00.000Z
  363. | [!] The version is out of date, the latest version is 2.3.15
  364. |
  365. | Detected By: Urls In Homepage (Passive Detection)
  366. |
  367. | [!] 1 vulnerability identified:
  368. |
  369. | [!] Title: UK Cookie Consent <= 2.3.9 - Authenticated Stored Cross-Site Scripting (XSS)
  370. | Fixed in: 2.3.10
  371. | References:
  372. | - https://wpvulndb.com/vulnerabilities/9068
  373. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10310
  374. | - https://plugins.trac.wordpress.org/changeset/1863058/uk-cookie-consent
  375. |
  376. | Version: 2.3.9 (80% confidence)
  377. | Detected By: Readme - Stable Tag (Aggressive Detection)
  378. | - http://gebe-montagebau.de/wp/wp-content/plugins/uk-cookie-consent/readme.txt
  379.  
  380. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  381. Checking Config Backups - Time: 00:00:00 <================================================> (21 / 21) 100.00% Time: 00:00:00
  382.  
  383. [i] No Config Backups Found.