Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- wpscan --url http://ulcc.gouv.ht/
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 3.3.2
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
- _______________________________________________________________
- [+] URL: http://ulcc.gouv.ht/
- [+] Started: Fri Nov 23 20:21:11 2018
- Interesting Finding(s):
- [+] http://ulcc.gouv.ht/
- | Interesting Entry: Server: nginx/1.14.0
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] http://ulcc.gouv.ht/xmlrpc.php
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- | Confirmed By:
- | - Link Tag (Passive Detection), 30% confidence
- | - Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] http://ulcc.gouv.ht/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] Upload directory has listing enabled: http://ulcc.gouv.ht/wp-content/uploads/
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] WordPress version 3.1.2 identified (Released on 2011-04-26).
- | Detected By: Rss Generator (Passive Detection)
- | - http://ulcc.gouv.ht/?feed=rss2, <generator>http://wordpress.org/?v=3.1.2</generator>
- | - http://ulcc.gouv.ht/?feed=comments-rss2, <generator>http://wordpress.org/?v=3.1.2</generator>
- | - http://ulcc.gouv.ht/?feed=rss2&page_id=4, <generator>http://wordpress.org/?v=3.1.2</generator>
- |
- | [!] 38 vulnerabilities identified:
- |
- | [!] Title: Wordpress <= 3.1.2 Clickjacking
- | References:
- | - https://wpvulndb.com/vulnerabilities/6002
- | - http://seclists.org/fulldisclosure/2011/Sep/219
- | - http://www.securityfocus.com/bid/49730/
- |
- | [!] Title: WordPress 2.5 - 3.3.1 XSS in swfupload
- | Fixed in: 3.3.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/5999
- | - http://seclists.org/fulldisclosure/2012/Nov/51
- |
- | [!] Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
- | Fixed in: 3.5.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/5988
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
- | - https://github.com/FireFart/WordpressPingbackPortScanner
- |
- | [!] Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
- | References:
- | - https://wpvulndb.com/vulnerabilities/5989
- | - http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
- |
- | [!] Title: WordPress <= 3.3.2 Cross-Site Scripting (XSS) in wp-includes/default-filters.php
- | Fixed in: 3.3.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/5994
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6633
- |
- | [!] Title: WordPress <= 3.3.2 wp-admin/media-upload.php sensitive information disclosure or bypass
- | Fixed in: 3.3.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/5995
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6634
- |
- | [!] Title: WordPress <= 3.3.2 wp-admin/includes/class-wp-posts-list-table.php sensitive information disclosure by visiting a draft
- | Fixed in: 3.3.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/5996
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6635
- |
- | [!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
- | Fixed in: 3.6.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/5970
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
- | - https://secunia.com/advisories/54803/
- | - https://www.exploit-db.com/exploits/28958/
- | - http://packetstormsecurity.com/files/123589/
- | - http://core.trac.wordpress.org/changeset/25323
- | - http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
- |
- | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
- | Fixed in: 3.9.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/7528
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
- | - https://core.trac.wordpress.org/changeset/29384
- | - https://core.trac.wordpress.org/changeset/29408
- |
- | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
- | Fixed in: 3.9.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/7529
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
- | - https://core.trac.wordpress.org/changeset/29398
- |
- | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
- | Fixed in: 4.0
- | References:
- | - https://wpvulndb.com/vulnerabilities/7680
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
- | - http://klikki.fi/adv/wordpress.html
- | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
- | - http://klikki.fi/adv/wordpress_update.html
- |
- | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
- | Fixed in: 4.0.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/7681
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
- | - https://www.exploit-db.com/exploits/35413/
- | - https://www.exploit-db.com/exploits/35414/
- | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
- | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
- |
- | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
- | Fixed in: 4.0.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/7696
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
- | - http://www.securityfocus.com/bid/71234/
- | - https://core.trac.wordpress.org/changeset/30444
- |
- | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
- | Fixed in: 4.2.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8111
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
- | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
- | - https://twitter.com/klikkioy/status/624264122570526720
- | - https://klikki.fi/adv/wordpress3.html
- |
- | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
- | Fixed in: 4.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8473
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
- | - https://codex.wordpress.org/Version_4.5
- | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
- |
- | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
- | Fixed in: 4.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8474
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
- | - https://codex.wordpress.org/Version_4.5
- | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
- |
- | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
- | Fixed in: 4.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8475
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
- | - https://codex.wordpress.org/Version_4.5
- |
- | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
- | Fixed in: 4.5.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8520
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
- | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
- | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
- |
- | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
- | Fixed in: 4.6.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8615
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
- | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
- | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
- | - http://seclists.org/fulldisclosure/2016/Sep/6
- |
- | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
- | Fixed in: 4.6.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8616
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
- | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
- |
- | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8716
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
- | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8719
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
- | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8720
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
- | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8721
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
- | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
- | Fixed in: 4.7.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8766
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
- | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
- |
- | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- | References:
- | - https://wpvulndb.com/vulnerabilities/8807
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- | - https://core.trac.wordpress.org/ticket/25239
- |
- | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8815
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
- | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8816
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8818
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- |
- | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8905
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- |
- | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8906
- | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://wpvulndb.com/vulnerabilities/8905
- |
- | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8910
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41398
- |
- | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8911
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41457
- |
- | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- | Fixed in: 4.8.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8941
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- | - https://twitter.com/ircmaxell/status/923662170092638208
- | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- |
- | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- | Fixed in: 4.9.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8966
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- |
- | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- | Fixed in: 4.9.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8967
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- [+] WordPress theme in use: ulcc
- | Location: http://ulcc.gouv.ht/wp-content/themes/ulcc/
- | Style URL: http://ulcc.gouv.ht/wp-content/themes/ulcc/style.css
- | Style Name: Twenty Ten
- | Style URI: http://wordpress.org/
- | Description: The 2010 theme for WordPress is stylish, customizable, simple, and readable -- make it yours with a ...
- | Author: the WordPress team
- |
- | Detected By: Css Style (Passive Detection)
- | Confirmed By: Urls In Homepage (Passive Detection)
- |
- | Version: 1.2 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - http://ulcc.gouv.ht/wp-content/themes/ulcc/style.css, Match: 'Version: 1.2'
- [+] Enumerating All Plugins
- [+] Checking Plugin Versions
- [i] Plugin(s) Identified:
- [+] contact-form-7
- | Location: http://ulcc.gouv.ht/wp-content/plugins/contact-form-7/
- | Latest Version: 5.0.5
- | Last Updated: 2018-10-29T23:58:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 3 vulnerabilities identified:
- |
- | [!] Title: Contact Form 7 <= 3.7.1 - Security Bypass
- | Fixed in: 3.7.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/7020
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
- | - http://www.securityfocus.com/bid/66381/
- |
- | [!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
- | Fixed in: 3.5.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/7022
- | - http://packetstormsecurity.com/files/124154/
- |
- | [!] Title: Contact Form 7 <= 5.0.3 - register_post_type() Privilege Escalation
- | Fixed in: 5.0.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/9127
- | - https://contactform7.com/2018/09/04/contact-form-7-504/
- | - https://plugins.trac.wordpress.org/changeset/1935726/contact-form-7
- | - https://plugins.trac.wordpress.org/changeset/1934594/contact-form-7
- | - https://plugins.trac.wordpress.org/changeset/1934343/contact-form-7
- | - https://plugins.trac.wordpress.org/changeset/1934327/contact-form-7
- |
- | The version could not be determined.
- [+] cool-video-gallery
- | Location: http://ulcc.gouv.ht/wp-content/plugins/cool-video-gallery/
- | Latest Version: 2.3
- | Last Updated: 2016-04-27T01:16:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 9 vulnerabilities identified:
- |
- | [!] Title: Cool Video Gallery 1.8 - admin/gallery-details.php Multiple Actions CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7237
- |
- | [!] Title: Cool Video Gallery 1.8 - admin/gallery-manage.php Gallery Deletion CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7238
- |
- | [!] Title: Cool Video Gallery 1.8 - admin/gallery-settings.php Gallery Settings Manipulation CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7239
- |
- | [!] Title: Cool Video Gallery 1.8 - admin/gallery-sort.php Gallery Sort Order Manipulation CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7240
- |
- | [!] Title: Cool Video Gallery 1.8 - admin/player-settings.php Player Settings Manipulation CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7241
- |
- | [!] Title: Cool Video Gallery 1.8 - admin/plugin-uninstall.php Plugin Uninstallation CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7242
- |
- | [!] Title: Cool Video Gallery 1.8 - admin/video-sitemap.php XML Video Sitemap Generation CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7243
- |
- | [!] Title: Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF
- | Fixed in: 1.9
- | Reference: https://wpvulndb.com/vulnerabilities/7244
- |
- | [!] Title: Cool Video Gallery <= 1.9 - Authenticated Comm& Injection
- | Fixed in: 2.0
- | References:
- | - https://wpvulndb.com/vulnerabilities/8348
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7527
- | - http://www.vapidlabs.com/advisory.php?v=158
- | - http://www.openwall.com/lists/oss-security/2015/12/02/9
- | - https://wordpress.org/support/topic/command-injection-vulnerability-in-v19
- | - http://seclists.org/bugtraq/2015/Dec/27
- | - https://plugins.trac.wordpress.org/changeset/1368619/cool-video-gallery
- |
- | The version could not be determined.
- [+] document-links-widget
- | Location: http://ulcc.gouv.ht/wp-content/plugins/document-links-widget/
- | Latest Version: 2.0.2
- | Last Updated: 2011-03-07T04:39:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | The version could not be determined.
- [+] events-manager
- | Location: http://ulcc.gouv.ht/wp-content/plugins/events-manager/
- | Latest Version: 5.9.5
- | Last Updated: 2018-08-07T19:10:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 5 vulnerabilities identified:
- |
- | [!] Title: Events Manager 5.5.1 - Multiple Unspecified XSS Vulnerabilities
- | Fixed in: 5.5.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/6648
- | - https://secunia.com/advisories/55182/
- |
- | [!] Title: Events Manager 5.3.8 - Multiple Cross-Site Scripting (XSS)
- | Fixed in: 5.3.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/6649
- | - https://secunia.com/advisories/53478/
- | - http://www.securityfocus.com/bid/60078/
- |
- | [!] Title: Events Manager 5.3.5 - Multiple Cross-Site Scripting (XSS)
- | Fixed in: 5.3.6
- | References:
- | - https://wpvulndb.com/vulnerabilities/6652
- | - https://secunia.com/advisories/52475/
- |
- | [!] Title: Events Manager 5.3.3 - Multiple Cross-Site Scripting (XSS)
- | Fixed in: 5.3.4
- | References:
- | - https://wpvulndb.com/vulnerabilities/6655
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1407
- | - https://secunia.com/advisories/51869/
- | - http://packetstormsecurity.com/files/120688/
- | - http://www.securityfocus.com/bid/57477/
- |
- | [!] Title: Events Manager <= 5.8.1.1 - Unauthenticated Stored XSS
- | Fixed in: 5.8.1.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/9047
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9020
- | - https://www.gubello.me/blog/events-manager-authenticated-stored-xss/
- |
- | The version could not be determined.
- [+] nextcellent-gallery-nextgen-legacy
- | Location: http://ulcc.gouv.ht/wp-content/plugins/nextcellent-gallery-nextgen-legacy/
- | Last Updated: 2017-10-16T09:19:00.000Z
- | [!] The version is out of date, the latest version is 1.9.35
- |
- | Detected By: Comment (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: NextCellent Gallery 1.9.13 - admin/manage-images.php Multiple Field Stored XSS Weakness
- | Fixed in: 1.9.18
- | References:
- | - https://wpvulndb.com/vulnerabilities/7222
- | - http://www.securityfocus.com/bid/67085/
- |
- | Version: 1.9.0 (60% confidence)
- | Detected By: Comment (Passive Detection)
- | - http://ulcc.gouv.ht/, Match: '<meta name="NextGEN" version="1.9.0"'
- [+] nextgen-gallery
- | Location: http://ulcc.gouv.ht/wp-content/plugins/nextgen-gallery/
- | Last Updated: 2018-10-24T14:43:00.000Z
- | [!] The version is out of date, the latest version is 3.0.16
- |
- | Detected By: Urls In Homepage (Passive Detection)
- | Confirmed By: Comment (Passive Detection)
- |
- | [!] 13 vulnerabilities identified:
- |
- | [!] Title: NextGEN Gallery <= 2.0.63 - Arbitrary File Upload
- | Fixed in: 2.0.66
- | References:
- | - https://wpvulndb.com/vulnerabilities/6449
- | - http://packetstormsecurity.com/files/127340/
- |
- | [!] Title: NextGEN Gallery 2.0.0 - Directory Traversal
- | Fixed in: 2.0.7
- | References:
- | - https://wpvulndb.com/vulnerabilities/6450
- | - http://seclists.org/fulldisclosure/2014/Feb/171
- | - https://security.dxw.com/advisories/directory-traversal-in-nextgen-gallery-2-0-0/
- |
- | [!] Title: NextGEN Gallery - swfupload.swf Cross-Site Scripting (XSS)
- | Fixed in: 1.9.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/6451
- | - https://secunia.com/advisories/51271/
- | - http://brindi.si/g/blog/vulnerable-swf-bundled-in-wordpress-plugins.html
- | - http://www.securityfocus.com/bid/60433/
- |
- | [!] Title: NextGEN Gallery 1.9.12 - Arbitrary File Upload
- | Fixed in: 1.9.13
- | References:
- | - https://wpvulndb.com/vulnerabilities/6453
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3684
- | - http://wordpress.org/plugins/nextgen-gallery/changelog/
- |
- | [!] Title: NextGEN Gallery 1.9.11 - Full Path Disclosure
- | Fixed in: 2.0.0
- | References:
- | - https://wpvulndb.com/vulnerabilities/6454
- | - https://secunia.com/advisories/52137/
- |
- | [!] Title: NextGEN Gallery 1.9.5 - gallerypath Parameter Stored XSS
- | Fixed in: 2.0.0
- | Reference: https://wpvulndb.com/vulnerabilities/6455
- |
- | [!] Title: NextGEN Gallery <= 1.9.0 - Multiple Cross-Site Scripting (XSS)
- | Fixed in: 1.9.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/6456
- | - https://secunia.com/advisories/47588/
- |
- | [!] Title: NextGEN Gallery <= 2.0.77 - CSRF & Arbitrary File Upload
- | Fixed in: 2.0.77.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/7865
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1784
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1785
- | - https://www.nettitude.co.uk/crsf-and-unsafe-arbitrary-file-upload-in-nextgen-gallery-plugin-for-wordpress/
- |
- | [!] Title: NextGEN Gallery <= 2.1.7 - Authenticated Path Traversal
- | Fixed in: 2.1.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/8165
- | - http://permalink.gmane.org/gmane.comp.security.oss.general/17650
- | - https://github.com/espreto/wpsploit/blob/master/documentation/auxiliary/wp_nextgen_gallery_dir_read.md
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wp_nextgen_galley_file_read
- |
- | [!] Title: NextGEN Gallery <= 2.1.56 - Authenticated Local File Inclusion (LFI)
- | Fixed in: 2.1.57
- | References:
- | - https://wpvulndb.com/vulnerabilities/8664
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6565
- | - http://www.kb.cert.org/vuls/id/346175
- | - https://plugins.trac.wordpress.org/changeset/1533907/nextgen-gallery
- |
- | [!] Title: NextGEN Gallery <= 2.1.77 - Unauthenticated SQL Injection
- | Fixed in: 2.1.79
- | References:
- | - https://wpvulndb.com/vulnerabilities/8741
- | - https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
- | - https://plugins.trac.wordpress.org/changeset/1602275/nextgen-gallery
- |
- | [!] Title: NextGEN Gallery <= 2.2.46 - Galley Paths Not Secured
- | Fixed in: 2.2.50
- | References:
- | - https://wpvulndb.com/vulnerabilities/9033
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7586
- |
- | [!] Title: NextGEN Gallery <= 2.2.44 - Cross-Site Scripting (XSS)
- | Fixed in: 2.2.45
- | References:
- | - https://wpvulndb.com/vulnerabilities/9079
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000172
- | - https://fortiguard.com/zeroday/FG-VD-17-215
- | - https://plugins.trac.wordpress.org/changeset/1822089/nextgen-gallery
- |
- | Version: 1.9.0 (60% confidence)
- | Detected By: Comment (Passive Detection)
- | - http://ulcc.gouv.ht/, Match: '<meta name="NextGEN" version="1.9.0"'
- [+] theme-my-login
- | Location: http://ulcc.gouv.ht/wp-content/plugins/theme-my-login/
- | Latest Version: 7.0.11
- | Last Updated: 2018-09-19T18:34:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: Theme My Login 6.3.9 - Local File Inclusion
- | Fixed in: 6.3.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/6043
- | - http://packetstormsecurity.com/files/127302/
- | - http://seclists.org/fulldisclosure/2014/Jun/172
- | - http://www.securityfocus.com/bid/68254/
- | - https://security.dxw.com/advisories/lfi-in-theme-my-login/
- |
- | The version could not be determined.
- [+] user-access-manager
- | Location: http://ulcc.gouv.ht/wp-content/plugins/user-access-manager/
- | Latest Version: 2.1.11
- | Last Updated: 2018-03-17T06:58:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 1 vulnerability identified:
- |
- | [!] Title: User Access Manager <= 2.0.8 - Authenticated Reflected Cross-Site Scripting (XSS)
- | Fixed in: 2.0.9
- | References:
- | - https://wpvulndb.com/vulnerabilities/8814
- | - http://www.defensecode.com/advisories/DC-2017-01-021_WordPress_User_Access_Manager_Plugin_Advisory.pdf
- | - http://seclists.org/bugtraq/2017/May/31
- |
- | The version could not be determined.
- [+] wp-members
- | Location: http://ulcc.gouv.ht/wp-content/plugins/wp-members/
- | Latest Version: 3.2.4.2
- | Last Updated: 2018-10-05T00:51:00.000Z
- |
- | Detected By: Urls In Homepage (Passive Detection)
- |
- | [!] 3 vulnerabilities identified:
- |
- | [!] Title: WP-Members 2.8.9 - profile.php Multiple Parameter Stored XSS
- | Fixed in: 2.8.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/7079
- | - https://secunia.com/advisories/56271/
- | - http://packetstormsecurity.com/files/124720/
- | - http://www.securityfocus.com/bid/64713/
- |
- | [!] Title: WP-Members 2.8.9 - wp-login.php register Action Multiple Parameter Reflected XSS
- | Fixed in: 2.8.10
- | References:
- | - https://wpvulndb.com/vulnerabilities/7080
- | - https://secunia.com/advisories/56271/
- | - http://packetstormsecurity.com/files/124720/
- | - http://www.securityfocus.com/bid/64713/
- |
- | [!] Title: WP-Members <= 3.1.7 - Authenticated Cross-Site Scripting (XSS)
- | Fixed in: 3.1.8
- | References:
- | - https://wpvulndb.com/vulnerabilities/8858
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2222
- | - https://jvn.jp/en/jp/JVN51355647/index.html
- | - https://plugins.trac.wordpress.org/changeset/1667369/#file12
- |
- | The version could not be determined.
- [+] Enumerating Config Backups
- Checking Config Backups - Time: 00:00:01 <=================================================================================================================> (21 / 21) 100.00% Time: 00:00:01
- [i] No Config Backups Found.
- [+] Finished: Fri Nov 23 20:21:43 2018
- [+] Requests Done: 103
- [+] Memory used: 81.215 MB
- [+] Elapsed time: 00:00:32
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement