wpscan_htb_paper

1. _______________________________________________________________
2. __ _______ _____
3. \ \ / / __ \ / ____|
4. \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
5. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
6. \ /\ / | | ____) | (__| (_| | | | |
7. \/ \/ |_| |_____/ \___|\__,_|_| |_|
8.  
9. WordPress Security Scanner by the WPScan Team
10. Version 3.8.20
11. Sponsored by Automattic - https://automattic.com/
12. @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
13. _______________________________________________________________
14.  
15. [+] URL: http://office.paper/ [10.10.11.143]
16. [+] Started: Tue Mar 22 17:34:52 2022
17.  
18. Interesting Finding(s):
19.  
20. [+] Headers
21. | Interesting Entries:
22. | - Server: Apache/2.4.37 (centos) OpenSSL/1.1.1k mod_fcgid/2.3.9
23. | - X-Powered-By: PHP/7.2.24
24. | - X-Backend-Server: office.paper
25. | Found By: Headers (Passive Detection)
26. | Confidence: 100%
27.  
28. [+] WordPress readme found: http://office.paper/readme.html
29. | Found By: Direct Access (Aggressive Detection)
30. | Confidence: 100%
31.  
32. [+] WordPress version 5.2.3 identified (Insecure, released on 2019-09-05).
33. | Found By: Rss Generator (Passive Detection)
34. | - http://office.paper/index.php/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
35. | - http://office.paper/index.php/comments/feed/, <generator>https://wordpress.org/?v=5.2.3</generator>
36. |
37. | [!] 32 vulnerabilities identified:
38. |
39. | [!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
40. | Fixed in: 5.2.4
41. | References:
42. | - https://wpscan.com/vulnerability/d39a7b84-28b9-4916-a2fc-6192ceb6fa56
43. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
44. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
45. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
46. |
47. | [!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
48. | Fixed in: 5.2.4
49. | References:
50. | - https://wpscan.com/vulnerability/3413b879-785f-4c9f-aa8a-5a4a1d5e0ba2
51. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
52. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
53. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
54. | - https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
55. | - https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
56. |
57. | [!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
58. | Fixed in: 5.2.4
59. | References:
60. | - https://wpscan.com/vulnerability/d005b1f8-749d-438a-8818-21fba45c6465
61. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
62. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
63. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
64. |
65. | [!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
66. | Fixed in: 5.2.4
67. | References:
68. | - https://wpscan.com/vulnerability/7804d8ed-457a-407e-83a7-345d3bbe07b2
69. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
70. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
71. | - https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
72. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
73. |
74. | [!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
75. | Fixed in: 5.2.4
76. | References:
77. | - https://wpscan.com/vulnerability/26a26de2-d598-405d-b00c-61f71cfacff6
78. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
79. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
80. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
81. | - https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
82. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
83. |
84. | [!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
85. | Fixed in: 5.2.4
86. | References:
87. | - https://wpscan.com/vulnerability/715c00e3-5302-44ad-b914-131c162c3f71
88. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
89. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
90. | - https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
91. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
92. |
93. | [!] Title: WordPress <= 5.3 - Authenticated Improper Access Controls in REST API
94. | Fixed in: 5.2.5
95. | References:
96. | - https://wpscan.com/vulnerability/4a6de154-5fbd-4c80-acd3-8902ee431bd8
97. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20043
98. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16788
99. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
100. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw
101. |
102. | [!] Title: WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links
103. | Fixed in: 5.2.5
104. | References:
105. | - https://wpscan.com/vulnerability/23553517-34e3-40a9-a406-f3ffbe9dd265
106. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20042
107. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
108. | - https://hackerone.com/reports/509930
109. | - https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
110. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7
111. |
112. | [!] Title: WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content
113. | Fixed in: 5.2.5
114. | References:
115. | - https://wpscan.com/vulnerability/be794159-4486-4ae1-a5cc-5c190e5ddf5f
116. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16781
117. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16780
118. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
119. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
120. |
121. | [!] Title: WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
122. | Fixed in: 5.2.5
123. | References:
124. | - https://wpscan.com/vulnerability/8fac612b-95d2-477a-a7d6-e5ec0bb9ca52
125. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20041
126. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
127. | - https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
128. |
129. | [!] Title: WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated
130. | Fixed in: 5.2.6
131. | References:
132. | - https://wpscan.com/vulnerability/7db191c0-d112-4f08-a419-a1cd81928c4e
133. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11027
134. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
135. | - https://core.trac.wordpress.org/changeset/47634/
136. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
137. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
138. |
139. | [!] Title: WordPress < 5.4.1 - Unauthenticated Users View Private Posts
140. | Fixed in: 5.2.6
141. | References:
142. | - https://wpscan.com/vulnerability/d1e1ba25-98c9-4ae7-8027-9632fb825a56
143. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11028
144. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
145. | - https://core.trac.wordpress.org/changeset/47635/
146. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
147. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
148. |
149. | [!] Title: WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer
150. | Fixed in: 5.2.6
151. | References:
152. | - https://wpscan.com/vulnerability/4eee26bd-a27e-4509-a3a5-8019dd48e429
153. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11025
154. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
155. | - https://core.trac.wordpress.org/changeset/47633/
156. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
157. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
158. |
159. | [!] Title: WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Search Block
160. | Fixed in: 5.2.6
161. | References:
162. | - https://wpscan.com/vulnerability/e4bda91b-067d-45e4-a8be-672ccf8b1a06
163. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11030
164. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
165. | - https://core.trac.wordpress.org/changeset/47636/
166. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
167. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-vccm-6gmc-qhjh
168. |
169. | [!] Title: WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache
170. | Fixed in: 5.2.6
171. | References:
172. | - https://wpscan.com/vulnerability/e721d8b9-a38f-44ac-8520-b4a9ed6a5157
173. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11029
174. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
175. | - https://core.trac.wordpress.org/changeset/47637/
176. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
177. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
178. |
179. | [!] Title: WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
180. | Fixed in: 5.2.6
181. | References:
182. | - https://wpscan.com/vulnerability/55438b63-5fc9-4812-afc4-2f1eff800d5f
183. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11026
184. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
185. | - https://core.trac.wordpress.org/changeset/47638/
186. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
187. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
188. | - https://hackerone.com/reports/179695
189. |
190. | [!] Title: WordPress <= 5.2.3 - Hardening Bypass
191. | Fixed in: 5.2.4
192. | References:
193. | - https://wpscan.com/vulnerability/378d7df5-bce2-406a-86b2-ff79cd699920
194. | - https://blog.ripstech.com/2020/wordpress-hardening-bypass/
195. | - https://hackerone.com/reports/436928
196. | - https://wordpress.org/news/2019/11/wordpress-5-2-4-update/
197. |
198. | [!] Title: WordPress < 5.4.2 - Authenticated XSS in Block Editor
199. | Fixed in: 5.2.7
200. | References:
201. | - https://wpscan.com/vulnerability/831e4a94-239c-4061-b66e-f5ca0dbb84fa
202. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4046
203. | - https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
204. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-rpwf-hrh2-39jf
205. | - https://pentest.co.uk/labs/research/subtle-stored-xss-wordpress-core/
206. | - https://www.youtube.com/watch?v=tCh7Y8z8fb4
207. |
208. | [!] Title: WordPress < 5.4.2 - Authenticated XSS via Media Files
209. | Fixed in: 5.2.7
210. | References:
211. | - https://wpscan.com/vulnerability/741d07d1-2476-430a-b82f-e1228a9343a4
212. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4047
213. | - https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
214. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-8q2w-5m27-wm27
215. |
216. | [!] Title: WordPress < 5.4.2 - Open Redirection
217. | Fixed in: 5.2.7
218. | References:
219. | - https://wpscan.com/vulnerability/12855f02-432e-4484-af09-7d0fbf596909
220. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4048
221. | - https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
222. | - https://github.com/WordPress/WordPress/commit/10e2a50c523cf0b9785555a688d7d36a40fbeccf
223. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-q6pw-gvf4-5fj5
224. |
225. | [!] Title: WordPress < 5.4.2 - Authenticated Stored XSS via Theme Upload
226. | Fixed in: 5.2.7
227. | References:
228. | - https://wpscan.com/vulnerability/d8addb42-e70b-4439-b828-fd0697e5d9d4
229. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4049
230. | - https://www.exploit-db.com/exploits/48770/
231. | - https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
232. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-87h4-phjv-rm6p
233. | - https://hackerone.com/reports/406289
234. |
235. | [!] Title: WordPress < 5.4.2 - Misuse of set-screen-option Leading to Privilege Escalation
236. | Fixed in: 5.2.7
237. | References:
238. | - https://wpscan.com/vulnerability/b6f69ff1-4c11-48d2-b512-c65168988c45
239. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4050
240. | - https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
241. | - https://github.com/WordPress/WordPress/commit/dda0ccdd18f6532481406cabede19ae2ed1f575d
242. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4vpv-fgg2-gcqc
243. |
244. | [!] Title: WordPress < 5.4.2 - Disclosure of Password-Protected Page/Post Comments
245. | Fixed in: 5.2.7
246. | References:
247. | - https://wpscan.com/vulnerability/eea6dbf5-e298-44a7-9b0d-f078ad4741f9
248. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25286
249. | - https://wordpress.org/news/2020/06/wordpress-5-4-2-security-and-maintenance-release/
250. | - https://github.com/WordPress/WordPress/commit/c075eec24f2f3214ab0d0fb0120a23082e6b1122
251. |
252. | [!] Title: WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
253. | Fixed in: 5.2.10
254. | References:
255. | - https://wpscan.com/vulnerability/6a3ec618-c79e-4b9c-9020-86b157458ac5
256. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
257. | - https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/
258. | - https://blog.wpscan.com/2021/04/15/wordpress-571-security-vulnerability-release.html
259. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
260. | - https://core.trac.wordpress.org/changeset/50717/
261. | - https://www.youtube.com/watch?v=J2GXmxAdNWs
262. |
263. | [!] Title: WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
264. | Fixed in: 5.2.11
265. | References:
266. | - https://wpscan.com/vulnerability/4cd46653-4470-40ff-8aac-318bee2f998d
267. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326
268. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
269. | - https://github.com/WordPress/WordPress/commit/267061c9595fedd321582d14c21ec9e7da2dcf62
270. | - https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/
271. | - https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9
272. | - https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/
273. | - https://www.youtube.com/watch?v=HaW15aMzBUM
274. |
275. | [!] Title: WordPress < 5.8.2 - Expired DST Root CA X3 Certificate
276. | Fixed in: 5.2.13
277. | References:
278. | - https://wpscan.com/vulnerability/cc23344a-5c91-414a-91e3-c46db614da8d
279. | - https://wordpress.org/news/2021/11/wordpress-5-8-2-security-and-maintenance-release/
280. | - https://core.trac.wordpress.org/ticket/54207
281. |
282. | [!] Title: WordPress < 5.8 - Plugin Confusion
283. | Fixed in: 5.8
284. | References:
285. | - https://wpscan.com/vulnerability/95e01006-84e4-4e95-b5d7-68ea7b5aa1a8
286. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44223
287. | - https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
288. |
289. | [!] Title: WordPress < 5.8.3 - SQL Injection via WP_Query
290. | Fixed in: 5.2.14
291. | References:
292. | - https://wpscan.com/vulnerability/7f768bcf-ed33-4b22-b432-d1e7f95c1317
293. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21661
294. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
295. | - https://hackerone.com/reports/1378209
296. |
297. | [!] Title: WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
298. | Fixed in: 5.2.14
299. | References:
300. | - https://wpscan.com/vulnerability/dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8
301. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21662
302. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
303. | - https://hackerone.com/reports/425342
304. | - https://blog.sonarsource.com/wordpress-stored-xss-vulnerability
305. |
306. | [!] Title: WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query
307. | Fixed in: 5.2.14
308. | References:
309. | - https://wpscan.com/vulnerability/24462ac4-7959-4575-97aa-a6dcceeae722
310. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21664
311. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
312. |
313. | [!] Title: WordPress < 5.8.3 - Super Admin Object Injection in Multisites
314. | Fixed in: 5.2.14
315. | References:
316. | - https://wpscan.com/vulnerability/008c21ab-3d7e-4d97-b6c3-db9d83f390a7
317. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21663
318. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
319. | - https://hackerone.com/reports/541469
320. |
321. | [!] Title: WordPress < 5.9.2 - Prototype Pollution in jQuery
322. | Fixed in: 5.2.15
323. | References:
324. | - https://wpscan.com/vulnerability/1ac912c1-5e29-41ac-8f76-a062de254c09
325. | - https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
326.  
327. [+] WordPress theme in use: construction-techup
328. | Location: http://office.paper/wp-content/themes/construction-techup/
329. | Last Updated: 2021-07-17T00:00:00.000Z
330. | Readme: http://office.paper/wp-content/themes/construction-techup/readme.txt
331. | [!] The version is out of date, the latest version is 1.4
332. | Style URL: http://office.paper/wp-content/themes/construction-techup/style.css?ver=1.1
333. | Style Name: Construction Techup
334. | Description: Construction Techup is child theme of Techup a Free WordPress Theme useful for Business, corporate and agency and Trade Institutional based websites. Theme has a full screen option. Theme is developed with creative design having multiple sections on Home Page. Theme has powerful features that let you write articles and blog posts with ease. It uses the best clean Construction practices, responsive HTML5, and on top of that, it is fast, simple, and easy to use. Use the Customizer to add your own background, page layout, site width and more. Theme is useful in NGO, Architecture, Builder, Construction, Technology, Health & Science, Religion, Property dealing and any kind of website. Theme has Slider, feature, callout, services, portfolio, testimonial, Team section. Theme support unlimited colors options too. You can customize logo and can add unlimited pages. Theme is responsive and supports all major plugins of WordPress.
335. | Author: wptexture
336. | Author URI: https://testerwp.com/
337. | Template: techup
338. | License: GNU General Public License v3 or later
339. | License URI: https://www.gnu.org/licenses/license-list.html#GNUGPLv3
340. | Tags: left-sidebar, right-sidebar, one-column, two-columns, three-columns, four-columns, grid-layout, custom-colors, custom-background, custom-logo, custom-menu, custom-header, editor-style, featured-images, footer-widgets, sticky-post, full-width-template, theme-options, translation-ready, threaded-comments, post-formats, rtl-language-support, blog, portfolio, e-commerce
341. | Text Domain: construction-techup
342. |
343. | Found By: Css Style In Homepage (Passive Detection)
344. |
345. | Version: 1.1 (80% confidence)
346. | Found By: Style (Passive Detection)
347. | - http://office.paper/wp-content/themes/construction-techup/style.css?ver=1.1, Match: 'Version: 1.1'
348.  
349.  
350. [i] No plugins Found.
351.  
352. [+] WPScan DB API OK
353. | Plan: free
354. | Requests Done (during the scan): 2
355. | Requests Remaining: 21
356.  
357. [+] Finished: Tue Mar 22 17:35:07 2022
358. [+] Requests Done: 36
359. [+] Cached Requests: 5
360. [+] Data Sent: 8.613 KB
361. [+] Data Received: 163.796 KB
362. [+] Memory used: 222.621 MB
363. [+] Elapsed time: 00:00:15
364.