Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- _______________________________________________________________
- __ _______ _____
- \ \ / / __ \ / ____|
- \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
- \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
- \ /\ / | | ____) | (__| (_| | | | |
- \/ \/ |_| |_____/ \___|\__,_|_| |_|
- WordPress Security Scanner by the WPScan Team
- Version 2.9.4
- Sponsored by Sucuri - https://sucuri.net
- @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
- _______________________________________________________________
- [i] It seems like you have not updated the database for some time
- [?] Do you want to update now? [Y]es [N]o [A]bort update, default: [N] > Y
- [i] Updating the Database ...
- [i] Update completed
- [+] URL: https://www.pivert-store.com/
- [+] Started: Fri Jul 20 17:58:24 2018
- [+] Interesting header: CF-RAY: 43d6a10e7baa3c6b-CDG
- [+] Interesting header: EXPECT-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
- [+] Interesting header: LINK: <https://www.pivert-store.com/>; rel=shortlink
- [+] Interesting header: SERVER: cloudflare
- [+] Interesting header: X-CACHE-STATUS: BYPASS
- [+] Interesting header: X-POWERED-BY: PHP/7.0.30
- [+] Interesting header: X-POWERED-BY: PleskLin
- [+] robots.txt available under: https://www.pivert-store.com/robots.txt [HTTP 200]
- [+] Interesting entry from robots.txt: https://www.pivert-store.com/author/ [HTTP 404]
- [+] Interesting entry from robots.txt: https://www.pivert-store.com/tag/ [HTTP 404]
- [+] Sitemap found: https://www.pivert-store.com/robots.txt [HTTP 200]
- [+] Sitemap entry: https://www.pivert-store.com/sitemap_index.xml [HTTP 200]
- [+] XML-RPC Interface available under: https://www.pivert-store.com/xmlrpc.php [HTTP 405]
- [+] API exposed: https://www.pivert-store.com/wp-json/ [HTTP 200]
- [+] Found an RSS Feed: https://www.pivert-store.com/feed [HTTP 200]
- [!] Detected 1 user from RSS feed:
- +--------------+
- | Name |
- +--------------+
- | pivert_store |
- +--------------+
- [+] Enumerating WordPress version ...
- [+] WordPress version 3.4.1 (Released on 2012-06-27) identified from stylesheets numbers
- [!] 41 vulnerabilities identified from the version number
- [!] Title: Wordpress 3.4 - 3.5.1 /wp-admin/users.php Malformed s Parameter Path Disclosure
- Reference: https://wpvulndb.com/vulnerabilities/5978
- Reference: http://seclists.org/fulldisclosure/2013/Jul/70
- [i] Fixed in: 3.5.2
- [!] Title: WordPress 3.4 - 3.5.1 DoS in class-phpass.php
- Reference: https://wpvulndb.com/vulnerabilities/5986
- Reference: http://seclists.org/fulldisclosure/2013/Jun/65
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2173
- Reference: https://secunia.com/advisories/53676/
- [i] Fixed in: 3.5.2
- [!] Title: WordPress 3.3.2 - 3.5 Cross-Site Scripting (XSS) (Issue 3)
- Reference: https://wpvulndb.com/vulnerabilities/5987
- Reference: https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues
- [!] Title: WordPress 1.5.1 - 3.5 XMLRPC Pingback API Internal/External Port Scanning
- Reference: https://wpvulndb.com/vulnerabilities/5988
- Reference: https://github.com/FireFart/WordpressPingbackPortScanner
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0235
- [i] Fixed in: 3.5.1
- [!] Title: WordPress 1.5.1 - 3.5 XMLRPC pingback additional issues
- Reference: https://wpvulndb.com/vulnerabilities/5989
- Reference: http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html
- [!] Title: WordPress 3.0 - 3.6 Crafted String URL Redirect Restriction Bypass
- Reference: https://wpvulndb.com/vulnerabilities/5970
- Reference: http://packetstormsecurity.com/files/123589/
- Reference: http://core.trac.wordpress.org/changeset/25323
- Reference: http://www.gossamer-threads.com/lists/fulldisc/full-disclosure/91609
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4339
- Reference: https://secunia.com/advisories/54803/
- Reference: https://www.exploit-db.com/exploits/28958/
- [i] Fixed in: 3.6.1
- [!] Title: WordPress Plupload Unspecified XSS
- Reference: https://wpvulndb.com/vulnerabilities/5966
- Reference: https://secunia.com/advisories/57769/
- [i] Fixed in: 3.5.1
- [!] Title: WordPress 2.0.3 - 3.9.1 (except 3.7.4 / 3.8.4) CSRF Token Brute Forcing
- Reference: https://wpvulndb.com/vulnerabilities/7528
- Reference: https://core.trac.wordpress.org/changeset/29384
- Reference: https://core.trac.wordpress.org/changeset/29408
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5204
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5205
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 3.0 - 3.9.1 Authenticated Cross-Site Scripting (XSS) in Multisite
- Reference: https://wpvulndb.com/vulnerabilities/7529
- Reference: https://core.trac.wordpress.org/changeset/29398
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5240
- [i] Fixed in: 3.9.2
- [!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/7680
- Reference: http://klikki.fi/adv/wordpress.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: http://klikki.fi/adv/wordpress_update.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9031
- [i] Fixed in: 4.0
- [!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
- Reference: https://wpvulndb.com/vulnerabilities/7681
- Reference: http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html
- Reference: https://wordpress.org/news/2014/11/wordpress-4-0-1/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9034
- Reference: https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
- Reference: https://www.exploit-db.com/exploits/35413/
- Reference: https://www.exploit-db.com/exploits/35414/
- [i] Fixed in: 4.0.1
- [!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
- Reference: https://wpvulndb.com/vulnerabilities/7696
- Reference: http://www.securityfocus.com/bid/71234/
- Reference: https://core.trac.wordpress.org/changeset/30444
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9038
- [i] Fixed in: 4.0.1
- [!] Title: WordPress <= 4.2.2 - Authenticated Stored Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8111
- Reference: https://wordpress.org/news/2015/07/wordpress-4-2-3/
- Reference: https://twitter.com/klikkioy/status/624264122570526720
- Reference: https://klikki.fi/adv/wordpress3.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5622
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5623
- [i] Fixed in: 4.2.3
- [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
- Reference: https://wpvulndb.com/vulnerabilities/8473
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
- [i] Fixed in: 4.5
- [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
- Reference: https://wpvulndb.com/vulnerabilities/8474
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
- [i] Fixed in: 4.5
- [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8475
- Reference: https://codex.wordpress.org/Version_4.5
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635 [316/536]
- [i] Fixed in: 4.5
- [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
- Reference: https://wpvulndb.com/vulnerabilities/8520
- Reference: https://wordpress.org/news/2016/06/wordpress-4-5-3/
- Reference: https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
- [i] Fixed in: 4.5.3
- [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
- Reference: https://wpvulndb.com/vulnerabilities/8615
- Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
- Reference: https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
- Reference: http://seclists.org/fulldisclosure/2016/Sep/6
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
- [i] Fixed in: 4.6.1
- [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
- Reference: https://wpvulndb.com/vulnerabilities/8616
- Reference: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
- [i] Fixed in: 4.6.1
- [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
- Reference: https://wpvulndb.com/vulnerabilities/8716
- Reference: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
- [i] Fixed in: 4.7.1
- [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
- Reference: https://wpvulndb.com/vulnerabilities/8718
- Reference: https://www.mehmetince.net/low-severity-wordpress/
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
- [i] Fixed in: 4.7.1
- [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
- Reference: https://wpvulndb.com/vulnerabilities/8719
- Reference: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
- [i] Fixed in: 4.7.1
- [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
- Reference: https://wpvulndb.com/vulnerabilities/8720
- Reference: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
- [i] Fixed in: 4.7.1
- [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
- Reference: https://wpvulndb.com/vulnerabilities/8721
- Reference: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
- Reference: https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
- [i] Fixed in: 4.7.1
- [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
- Reference: https://wpvulndb.com/vulnerabilities/8766
- Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
- [i] Fixed in: 4.7.3
- [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
- Reference: https://wpvulndb.com/vulnerabilities/8807
- Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
- Reference: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
- Reference: https://core.trac.wordpress.org/ticket/25239
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
- [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
- Reference: https://wpvulndb.com/vulnerabilities/8815
- Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
- Reference: https://wpvulndb.com/vulnerabilities/8816
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
- Reference: https://wpvulndb.com/vulnerabilities/8817
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8818
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
- Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
- Reference: https://wpvulndb.com/vulnerabilities/8819
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
- Reference: https://hackerone.com/reports/203515
- Reference: https://hackerone.com/reports/203515
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
- Reference: https://wpvulndb.com/vulnerabilities/8820
- Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
- Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
- Reference: https://wpvulndb.com/vulnerabilities/8905
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress commit/70b21279098fc973eae803693c0705a548128e48
- Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec [191/536]
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
- Reference: https://wpvulndb.com/vulnerabilities/8906
- Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
- Reference: https://wpvulndb.com/vulnerabilities/8905
- [i] Fixed in: 4.7.5
- [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
- Reference: https://wpvulndb.com/vulnerabilities/8910
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41398
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
- [i] Fixed in: 4.8.2
- [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
- Reference: https://wpvulndb.com/vulnerabilities/8911
- Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
- Reference: https://core.trac.wordpress.org/changeset/41457
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
- [i] Fixed in: 4.8.2
- [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
- Reference: https://wpvulndb.com/vulnerabilities/8941
- Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
- Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
- Reference: https://twitter.com/ircmaxell/status/923662170092638208
- Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
- [i] Fixed in: 4.8.3
- [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
- Reference: https://wpvulndb.com/vulnerabilities/8966
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
- [i] Fixed in: 4.9.1
- [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
- Reference: https://wpvulndb.com/vulnerabilities/8967
- Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
- Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
- [i] Fixed in: 4.9.1
- [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
- Reference: https://wpvulndb.com/vulnerabilities/9021
- Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
- Reference: https://github.com/quitten/doser.py
- Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
- [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
- Reference: https://wpvulndb.com/vulnerabilities/9100
- Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
- Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
- Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
- Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
- Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
- [+] WordPress theme in use: mrtailor - v2.6.9 [127/536]
- [+] Name: mrtailor - v2.6.9
- | Location: https://www.pivert-store.com/wp-content/themes/mrtailor/
- | Style URL: https://www.pivert-store.com/wp-content/themes/mrtailor/style.css
- | Referenced style.css: https://www.pivert-store.com/wp-content/themes/mrtailor/inc/fonts/getbowtied-fonts/style.css
- | Theme Name: Mr. Tailor
- | Theme URI: http://www.getbowtied.com/
- | Description: Mr. Tailor is premium WordPress and WooCommerce theme that will help you tell your story and sell...
- | Author: Get Bowtied
- | Author URI: http://www.getbowtied.com/
- [+] Enumerating plugins from passive detection ...
- | 19 plugins found:
- [+] Name: boxzilla - v3.2.4
- | Last updated: 2018-06-27T08:37:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/boxzilla/
- | Readme: https://www.pivert-store.com/wp-content/plugins/boxzilla/readme.txt
- [!] The version is out of date, the latest version is 3.2.6
- [+] Name: contact-form-7 - v5.0.2
- | Last updated: 2018-07-12T12:37:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/contact-form-7/
- | Readme: https://www.pivert-store.com/wp-content/plugins/contact-form-7/readme.txt
- [!] The version is out of date, the latest version is 5.0.3
- [+] Name: duracelltomi-google-tag-manager - v1.8
- | Last updated: 2018-06-05T07:53:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/duracelltomi-google-tag-manager/
- | Readme: https://www.pivert-store.com/wp-content/plugins/duracelltomi-google-tag-manager/readme.txt
- [!] The version is out of date, the latest version is 1.8.1
- [+] Name: js_composer
- | Location: https://www.pivert-store.com/wp-content/plugins/js_composer/
- [!] We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.
- [!] Title: Visual Composer <= 4.7.3 - Multiple Unspecified Cross-Site Scripting (XSS)
- Reference: https://wpvulndb.com/vulnerabilities/8208
- Reference: http://codecanyon.net/item/visual-composer-page-builder-for-wordpress/242431
- Reference: https://forums.envato.com/t/visual-composer-security-vulnerability-fix/10494/7
- [i] Fixed in: 4.7.4
- [+] Name: mailchimp-for-woocommerce - v2.1.7
- | Last updated: 2018-07-12T15:40:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/mailchimp-for-woocommerce/
- | Readme: https://www.pivert-store.com/wp-content/plugins/mailchimp-for-woocommerce/README.txt
- [!] The version is out of date, the latest version is 2.1.9
- [+] Name: mailchimp-for-wp - v4.2.2
- | Last updated: 2018-07-09T11:04:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/mailchimp-for-wp/
- | Readme: https://www.pivert-store.com/wp-content/plugins/mailchimp-for-wp/readme.txt
- | Changelog: https://www.pivert-store.com/wp-content/plugins/mailchimp-for-wp/CHANGELOG.md
- [!] The version is out of date, the latest version is 4.2.4
- [+] Name: mailchimp-top-bar - v1.3.1
- | Latest version: 1.3.1 (up to date)
- | Last updated: 2018-05-29T08:14:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/mailchimp-top-bar/
- | Readme: https://www.pivert-store.com/wp-content/plugins/mailchimp-top-bar/readme.txt
- | Changelog: https://www.pivert-store.com/wp-content/plugins/mailchimp-top-bar/CHANGELOG.md
- [+] Name: paypal-for-woocommerce - v1.4.9 [63/536]
- | Last updated: 2018-07-17T05:39:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/paypal-for-woocommerce/
- | Readme: https://www.pivert-store.com/wp-content/plugins/paypal-for-woocommerce/readme.txt
- [!] The version is out of date, the latest version is 1.4.14
- [+] Name: sitepress-multilingual-cms
- | Latest version: 2.0.4.1
- | Last updated: 2011-06-05T13:40:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/sitepress-multilingual-cms/
- [!] We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.
- [!] Title: sitepress-multilingual-cms - Full Path Disclosure
- Reference: https://wpvulndb.com/vulnerabilities/6104
- [i] Fixed in: 3.1.7.2
- [!] Title: WPML <= 3.1.7.2 - Multiple Vulnerabilities (Including SQLi)
- Reference: https://wpvulndb.com/vulnerabilities/7843
- Reference: http://seclists.org/bugtraq/2015/Mar/60
- Reference: http://wpml.org/2015/03/wpml-security-update-bug-and-fix/
- Reference: http://packetstormsecurity.com/files/130810/
- Reference: http://klikki.fi/adv/wpml.html
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2314
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2791
- Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2792
- Reference: https://www.exploit-db.com/exploits/36414/
- [i] Fixed in: 3.1.9
- [!] Title: WPML 2.9.3-3.2.6 - Cross-Site Scripting (XSS) in Accept-Language Header
- Reference: https://wpvulndb.com/vulnerabilities/8173
- Reference: http://blog.secupress.fr/en/xss-wpml-header-405.html
- [i] Fixed in: 3.2.7
- [+] Name: sizeguide
- | Location: https://www.pivert-store.com/wp-content/plugins/sizeguide/
- [+] Name: woocommerce - v3.4.1
- | Last updated: 2018-06-20T17:38:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/woocommerce/
- | Readme: https://www.pivert-store.com/wp-content/plugins/woocommerce/readme.txt
- [!] The version is out of date, the latest version is 3.4.3
- [+] Name: woocommerce-currency-switcher - v1.2.4
- | Last updated: 2018-06-30T09:05:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/woocommerce-currency-switcher/
- | Readme: https://www.pivert-store.com/wp-content/plugins/woocommerce-currency-switcher/readme.txt
- [!] The version is out of date, the latest version is 1.2.5.1
- [+] Name: woocommerce-extra-accounts-fields - v4.3
- | Latest version: 1.0.2 (up to date)
- | Last updated: 2018-02-12T22:25:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/woocommerce-extra-accounts-fields/
- | Readme: https://www.pivert-store.com/wp-content/plugins/woocommerce-extra-accounts-fields/README.txt
- [+] Name: woocommerce-google-dynamic-retargeting-tag - v1.4.6
- | Last updated: 2018-07-04T07:54:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/woocommerce-google-dynamic-retargeting-tag/
- | Readme: https://www.pivert-store.com/wp-content/plugins/woocommerce-google-dynamic-retargeting-tag/readme.txt
- [!] The version is out of date, the latest version is 1.4.7
- [+] Name: woocommerce-multilingual - v4.2.10
- | Last updated: 2018-07-02T06:22:00.000Z
- | Last updated: 2018-07-02T06:22:00.000Z [1/536]
- | Location: https://www.pivert-store.com/wp-content/plugins/woocommerce-multilingual/
- | Readme: https://www.pivert-store.com/wp-content/plugins/woocommerce-multilingual/readme.txt
- [!] The version is out of date, the latest version is 4.3.3
- [+] Name: wp-google-map-plugin - v4.0.6
- | Latest version: 4.0.6 (up to date)
- | Last updated: 2018-05-30T09:57:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/wp-google-map-plugin/
- | Readme: https://www.pivert-store.com/wp-content/plugins/wp-google-map-plugin/readme.txt
- [+] Name: wp-menu-cart-pro
- | Location: https://www.pivert-store.com/wp-content/plugins/wp-menu-cart-pro/
- | Changelog: https://www.pivert-store.com/wp-content/plugins/wp-menu-cart-pro/changelog.txt
- [+] Name: wpml-cms-nav
- | Location: https://www.pivert-store.com/wp-content/plugins/wpml-cms-nav/
- [+] Name: wordpress-seo - v7.5.3
- | Last updated: 2018-07-10T08:34:00.000Z
- | Location: https://www.pivert-store.com/wp-content/plugins/wordpress-seo/
- | Readme: https://www.pivert-store.com/wp-content/plugins/wordpress-seo/readme.txt
- [!] The version is out of date, the latest version is 7.8
- [+] Enumerating usernames ...
- [+] We did not enumerate any usernames
- [+] Finished: Fri Jul 20 18:03:32 2018
- [+] Elapsed time: 00:05:07
- [+] Requests made: 549
- [+] Memory used: 151.852 MB
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement