- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 3.4.0
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
- _______________________________________________________________
- [+] URL: http://myharddrivedied.com/press/
- [+] Started: Wed Nov 14 01:25:58 2018
- Interesting Finding(s):
- [+] http://myharddrivedied.com/press/
- | Interesting Entry: Server: Apache
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- [+] http://myharddrivedied.com/press/xmlrpc.php
- | Found By: Headers (Passive Detection)
- | Confidence: 100%
- | Confirmed By:
- | - Link Tag (Passive Detection), 30% confidence
- | - Direct Access (Aggressive Detection), 100% confidence
- | References:
- | - http://codex.wordpress.org/XML-RPC_Pingback_API
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
- | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
- [+] http://myharddrivedied.com/press/readme.html
- | Found By: Direct Access (Aggressive Detection)
- | Confidence: 100%
- [+] WordPress version 3.5.1 identified (Insecure, released on 2013-01-24).
- | Detected By: Rss Generator (Passive Detection)
- | - http://myharddrivedied.com/press/?feed=rss2, <generator>http://wordpress.org/?v=3.5.1</generator>
- | - http://myharddrivedied.com/press/?feed=comments-rss2, <generator>http://wordpress.org/?v=3.5.1</generator>
- |
- | [!] 45 vulnerabilities identified:
- |
- | [!] Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- | Fixed in: 3.5.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/5978
- | - http://seclists.org/fulldisclosure/2013/Jul/70
- |
- | [!] Title: WordPress 3.4-3.5.1 DoS in class-phpass.php
- | Fixed in: 3.5.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/5979
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173
- | - https://secunia.com/advisories/53676/
- | - http://seclists.org/fulldisclosure/2013/Jun/65
- |
- | [!] Title: WordPress 3.5.1 Multiple XSS
- | Fixed in: 3.5.2
- | Reference: https://wpvulndb.com/vulnerabilities/5980
- |
- | [!] Title: WordPress 3.5.1 TinyMCE Plugin Flash Applet Unspecified Spoofing Weakness
- | Fixed in: 3.5.2
- | Reference: https://wpvulndb.com/vulnerabilities/5981
- |
- | [!] Title: WordPress 3.5-3.5.1 oEmbed Unspecified XML External Entity (XXE)
- | Fixed in: 3.5.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/5983
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2202
- |
- | [!] Title: WordPress 3.5-3.5.1 Multiple Role Remote Privilege Escalation
- | Fixed in: 3.5.2
- | Reference: https://wpvulndb.com/vulnerabilities/5984
- |
- | [!] Title: WordPress 3.5-3.5.1 HTTP API Unspecified Server Side Request Forgery (SSRF)
- | Fixed in: 3.5.2
- | Reference: https://wpvulndb.com/vulnerabilities/5985
- |
- | [!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
- | Fixed in: 3.6.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/5970
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
- | - https://secunia.com/advisories/54803/
- | - https://www.exploit-db.com/exploits/28958/
- | - http://packetstormsecurity.com/files/123589/
- | - http://core.trac.wordpress.org/changeset/25323
- | - http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
- |
- | [!] Title: WordPress 3.5 - 3.7.1 XML-RPC DoS
- | Fixed in: 3.9.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/7526
- | - http://wordpress.org/news/2014/08/wordpress-3-9-2/
- | - http://mashable.com/2014/08/06/wordpress-xml-blowup-dos/
- | - http://www.breaksec.com/?p=6362
- |
- | [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
- | Fixed in: 3.9.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/7528
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
- | - https://core.trac.wordpress.org/changeset/29384
- | - https://core.trac.wordpress.org/changeset/29408
- |
- | [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
- | Fixed in: 3.9.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/7529
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
- | - https://core.trac.wordpress.org/changeset/29398
- |
- | [!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
- | Fixed in: 4.0
- | References:
- | - https://wpvulndb.com/vulnerabilities/7531
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5868
- | - http://whiteoaksecurity.com/blog/2012/12/17/cve-2012-5868-wordpress-342-sessions-not-terminated-upon-explicit-user-logout
- | - http://blog.spiderlabs.com/2014/09/leveraging-lfi-to-get-full-compromise-on-wordpress-sites.html
- |
- | [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
- | Fixed in: 4.0
- | References:
- | - https://wpvulndb.com/vulnerabilities/7680
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
- | - http://klikki.fi/adv/wordpress.html
- | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
- | - http://klikki.fi/adv/wordpress_update.html
- |
- | [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
- | Fixed in: 4.0.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/7681
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
- | - https://www.exploit-db.com/exploits/35413/
- | - https://www.exploit-db.com/exploits/35414/
- | - http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
- | - https://wordpress.org/news/2014/11/wordpress-4-0-1/
- | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
- |
- | [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
- | Fixed in: 4.0.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/7696
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
- | - http://www.securityfocus.com/bid/71234/
- | - https://core.trac.wordpress.org/changeset/30444
- |
- | [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
- | Fixed in: 4.2.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8111
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
- | - https://wordpress.org/news/2015/07/wordpress-4-2-3/
- | - https://twitter.com/klikkioy/status/624264122570526720
- | - https://klikki.fi/adv/wordpress3.html
- |
- | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
- | Fixed in: 4.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8473
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
- | - https://codex.wordpress.org/Version_4.5
- | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
- |
- | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
- | Fixed in: 4.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8474
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
- | - https://codex.wordpress.org/Version_4.5
- | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
- |
- | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
- | Fixed in: 4.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8475
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
- | - https://codex.wordpress.org/Version_4.5
- |
- | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
- | Fixed in: 4.5.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8520
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
- | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
- | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
- |
- | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
- | Fixed in: 4.6.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8615
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
- | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
- | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
- | - http://seclists.org/fulldisclosure/2016/Sep/6
- |
- | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
- | Fixed in: 4.6.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8616
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
- | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
- |
- | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8716
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
- | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8718
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
- | - https://www.mehmetince.net/low-severity-wordpress/
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
- |
- | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8719
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
- | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8720
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
- | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- | Fixed in: 4.7.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8721
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
- | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
- | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- |
- | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
- | Fixed in: 4.7.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8730
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
- | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
- | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
- |
- | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
- | Fixed in: 4.7.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8766
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
- | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
- |
- | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- | References:
- | - https://wpvulndb.com/vulnerabilities/8807
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- | - http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- | - https://core.trac.wordpress.org/ticket/25239
- |
- | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8815
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
- | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8816
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- |
- | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8817
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
- |
- | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8818
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- |
- | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8819
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
- | - https://hackerone.com/reports/203515
- | - https://hackerone.com/reports/203515
- |
- | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8820
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
- | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
- | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
- |
- | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8905
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
- |
- | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- | Fixed in: 4.7.5
- | References:
- | - https://wpvulndb.com/vulnerabilities/8906
- | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- | - https://wpvulndb.com/vulnerabilities/8905
- |
- | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8910
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41398
- |
- | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- | Fixed in: 4.8.2
- | References:
- | - https://wpvulndb.com/vulnerabilities/8911
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- | - https://core.trac.wordpress.org/changeset/41457
- |
- | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- | Fixed in: 4.8.3
- | References:
- | - https://wpvulndb.com/vulnerabilities/8941
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- | - https://twitter.com/ircmaxell/status/923662170092638208
- | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- |
- | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- | Fixed in: 4.9.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8966
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- |
- | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- | Fixed in: 4.9.1
- | References:
- | - https://wpvulndb.com/vulnerabilities/8967
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- |
- | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- | References:
- | - https://wpvulndb.com/vulnerabilities/9021
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- | - https://github.com/quitten/doser.py
- | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- |
- | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- | References:
- | - https://wpvulndb.com/vulnerabilities/9100
- | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- [+] WordPress theme in use: twentytwelve
- | Location: http://myharddrivedied.com/press/wp-content/themes/twentytwelve/
- | Last Updated: 2018-05-17T00:00:00.000Z
- | [!] The version is out of date, the latest version is 2.5
- | Style URL: http://myharddrivedied.com/press/wp-content/themes/twentytwelve/style.css?ver=3.5.1
- | Style Name: Twenty Twelve
- | Style URI: http://wordpress.org/extend/themes/twentytwelve
- | Description: The 2012 theme for WordPress is a fully responsive theme that looks great on any device. Features in...
- | Author: the WordPress team
- | Author URI: http://wordpress.org/
- |
- | Detected By: Css Style (Passive Detection)
- |
- | Version: 1.1 (80% confidence)
- | Detected By: Style (Passive Detection)
- | - http://myharddrivedied.com/press/wp-content/themes/twentytwelve/style.css?ver=3.5.1, Match: 'Version: 1.1'
- [i] No plugins Found.
- [i] No Config Backups Found.
- [+] Finished: Wed Nov 14 01:26:02 2018
- [+] Requests Done: 22
- [+] Cached Requests: 37
- [+] Data Sent: 6.172 KB
- [+] Data Received: 12.855 KB
- [+] Memory used: 73.973 MB
- [+] Elapsed time: 00:00:03