- ┏━Target: dailypakistan.pk
- ┃
- ┠── CMS: WordPress
- ┃ │
- ┃ ├── Version: 4.8.1
- ┃ ╰── URL: https://wordpress.org
- ┃
- ┠──[WordPress Deepscan]
- ┃ │
- ┃ ├── Readme file found: https://dailypakistan.pk//readme.html
- ┃ ├── License file: https://dailypakistan.pk//license.txt
- ┃ ├── Changelog: https://codex.wordpress.org/Version_4.8.1
- ┃ ├── User registration enabled: https://dailypakistan.pk//wp-login.php?action=register
- ┃ │
- ┃ ├── Usernames harvested: 1
- ┃ │ ╰── dpadmin
- ┃ │
- ┃ ╰── Version vulnerabilities: 27
- ┃ │
- ┃ │
- ┃ ├── WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- ┃ │ │
- ┃ │ ├── Type: SQLI
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8905
- ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- ┃ │ ╰── Fixed In Version: 4.8.2
- ┃ │
- ┃ ├── WordPress 2.9.2-4.8.1 - Open Redirect
- ┃ │ │
- ┃ │ ├── Type: REDIRECT
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8910
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41398
- ┃ │ ╰── Fixed In Version: 4.8.2
- ┃ │
- ┃ ├── WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- ┃ │ │
- ┃ │ ├── Type: LFI
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8911
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41457
- ┃ │ ╰── Fixed In Version: 4.8.2
- ┃ │
- ┃ ├── WordPress 4.4-4.8.1 - Path Traversal in Customizer
- ┃ │ │
- ┃ │ ├── Type: LFI
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8912
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
- ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41397
- ┃ │ ╰── Fixed In Version: 4.8.2
- ┃ │
- ┃ ├── WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8913
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
- ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41448
- ┃ │ ╰── Fixed In Version: 4.8.2
- ┃ │
- ┃ ├── WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8914
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
- ┃ │ ├── Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- ┃ │ ├── Reference: https://core.trac.wordpress.org/changeset/41395
- ┃ │ ├── Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
- ┃ │ ╰── Fixed In Version: 4.8.2
- ┃ │
- ┃ ├── WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- ┃ │ │
- ┃ │ ├── Type: UNKNOWN
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8807
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- ┃ │ ├── Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- ┃ │ ├── Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- ┃ │ ├── Reference: https://core.trac.wordpress.org/ticket/25239
- ┃ │ ╰── Fixed In Version: None
- ┃ │
- ┃ ├── WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- ┃ │ │
- ┃ │ ├── Type: SQLI
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8941
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- ┃ │ ├── Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- ┃ │ ├── Reference: https://twitter.com/ircmaxell/status/923662170092638208
- ┃ │ ├── Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- ┃ │ ╰── Fixed In Version: 4.8.3
- ┃ │
- ┃ ├── WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- ┃ │ │
- ┃ │ ├── Type: BYPASS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8966
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- ┃ │ ╰── Fixed In Version: 4.8.4
- ┃ │
- ┃ ├── WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8967
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- ┃ │ ╰── Fixed In Version: 4.8.4
- ┃ │
- ┃ ├── WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8968
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
- ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
- ┃ │ ╰── Fixed In Version: 4.8.4
- ┃ │
- ┃ ├── WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
- ┃ │ │
- ┃ │ ├── Type: UNKNOWN
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/8969
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
- ┃ │ ├── Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
- ┃ │ ╰── Fixed In Version: 4.8.4
- ┃ │
- ┃ ├── WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9006
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
- ┃ │ ├── Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
- ┃ │ ├── Reference: https://core.trac.wordpress.org/ticket/42720
- ┃ │ ╰── Fixed In Version: 4.8.5
- ┃ │
- ┃ ├── WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- ┃ │ │
- ┃ │ ├── Type: DOS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9021
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- ┃ │ ├── Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- ┃ │ ├── Reference: https://github.com/quitten/doser.py
- ┃ │ ├── Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- ┃ │ ╰── Fixed In Version: None
- ┃ │
- ┃ ├── WordPress 3.7-4.9.4 - Remove localhost Default
- ┃ │ │
- ┃ │ ├── Type: UNKNOWN
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9053
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
- ┃ │ ├── Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
- ┃ │ ╰── Fixed In Version: 4.8.6
- ┃ │
- ┃ ├── WordPress 3.7-4.9.4 - Use Safe Redirect for Login
- ┃ │ │
- ┃ │ ├── Type: REDIRECT
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9054
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
- ┃ │ ├── Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
- ┃ │ ╰── Fixed In Version: 4.8.6
- ┃ │
- ┃ ├── WordPress 3.7-4.9.4 - Escape Version in Generator Tag
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9055
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
- ┃ │ ├── Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
- ┃ │ ╰── Fixed In Version: 4.8.6
- ┃ │
- ┃ ├── WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- ┃ │ │
- ┃ │ ├── Type: UNKNOWN
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9100
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- ┃ │ ├── Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- ┃ │ ├── Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- ┃ │ ├── Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- ┃ │ ├── Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- ┃ │ ╰── Fixed In Version: 4.8.7
- ┃ │
- ┃ ├── WordPress <= 5.0 - Authenticated File Delete
- ┃ │ │
- ┃ │ ├── Type: UNKNOWN
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9169
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
- ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- ┃ │ ╰── Fixed In Version: 4.8.8
- ┃ │
- ┃ ├── WordPress <= 5.0 - Authenticated Post Type Bypass
- ┃ │ │
- ┃ │ ├── Type: BYPASS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9170
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
- ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- ┃ │ ├── Reference: https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
- ┃ │ ╰── Fixed In Version: 4.8.8
- ┃ │
- ┃ ├── WordPress <= 5.0 - PHP Object Injection via Meta Data
- ┃ │ │
- ┃ │ ├── Type: OBJECTINJECTION
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9171
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
- ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- ┃ │ ╰── Fixed In Version: 4.8.8
- ┃ │
- ┃ ├── WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9172
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
- ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- ┃ │ ╰── Fixed In Version: 4.8.8
- ┃ │
- ┃ ├── WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9173
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
- ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- ┃ │ ├── Reference: https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
- ┃ │ ╰── Fixed In Version: 4.8.8
- ┃ │
- ┃ ├── WordPress <= 5.0 - User Activation Screen Search Engine Indexing
- ┃ │ │
- ┃ │ ├── Type: UNKNOWN
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9174
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
- ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
- ┃ │ ╰── Fixed In Version: 4.8.8
- ┃ │
- ┃ ├── WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
- ┃ │ │
- ┃ │ ├── Type: XSS
- ┃ │ ├── Link: http://wpvulndb.com/vulnerabilities/9175
- ┃ │ ├── CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
- ┃ │ ├── Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/