Untitled

a guest
Mar 20th, 2022
  1.  
  2.  
  3. $ wpscan --url https://lapinblanc.me
  4. _______________________________________________________________
  5. __ _______ _____
  6. \ \ / / __ \ / ____|
  7. \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
  8. \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
  9. \ /\ / | | ____) | (__| (_| | | | |
  10. \/ \/ |_| |_____/ \___|\__,_|_| |_|
  11.  
  12. WordPress Security Scanner by the WPScan Team
  13. Version 3.8.21
  14.  
  15. @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
  16. _______________________________________________________________
  17.  
  18. [i] Updating the Database ...
  19. [i] Update completed.
  20.  
  21. [+] URL: https://lapinblanc.me/ [87.98.154.146]
  22. [+] Started: Sun Mar 20 09:46:50 2022
  23.  
  24. Interesting Finding(s):
  25.  
  26. [+] Headers
  27. | Interesting Entries:
  28. | - server: Apache
  29. | - x-powered-by: PHP/7.0
  30. | Found By: Headers (Passive Detection)
  31. | Confidence: 100%
  32.  
  33. [+] robots.txt found: https://lapinblanc.me/robots.txt
  34. | Interesting Entries:
  35. | - /wp-admin/
  36. | - /wp-admin/admin-ajax.php
  37. | Found By: Robots Txt (Aggressive Detection)
  38. | Confidence: 100%
  39.  
  40. [+] XML-RPC seems to be enabled: https://lapinblanc.me/xmlrpc.php
  41. | Found By: Link Tag (Passive Detection)
  42. | Confidence: 100%
  43. | Confirmed By: Direct Access (Aggressive Detection), 100% confidence
  44. | References:
  45. | - http://codex.wordpress.org/XML-RPC_Pingback_API
  46. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
  47. | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
  48. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
  49. | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
  50.  
  51. [+] WordPress readme found: https://lapinblanc.me/readme.html
  52. | Found By: Direct Access (Aggressive Detection)
  53. | Confidence: 100%
  54.  
  55. [+] Upload directory has listing enabled: https://lapinblanc.me/wp-content/uploads/
  56. | Found By: Direct Access (Aggressive Detection)
  57. | Confidence: 100%
  58.  
  59. [+] The external WP-Cron seems to be enabled: https://lapinblanc.me/wp-cron.php
  60. | Found By: Direct Access (Aggressive Detection)
  61. | Confidence: 60%
  62. | References:
  63. | - https://www.iplocation.net/defend-wordpress-from-ddos
  64. | - https://github.com/wpscanteam/wpscan/issues/1299
  65.  
  66. [+] WordPress version 4.9.3 identified (Insecure, released on 2018-02-05).
  67. | Found By: Rss Generator (Passive Detection)
  68. | - https://lapinblanc.me/feed/, <generator>https://wordpress.org/?v=4.9.3</generator>
  69. | - https://lapinblanc.me/comments/feed/, <generator>https://wordpress.org/?v=4.9.3</generator>
  70. |
  71. | [!] 38 vulnerabilities identified:
  72. |
  73. | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
  74. | References:
  75. | - https://wpscan.com/vulnerability/5e0c1ddd-fdd0-421b-bdbe-3eee6b75c919
  76. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
  77. | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
  78. | - https://github.com/quitten/doser.py
  79. | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
  80. |
  81. | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
  82. | Fixed in: 4.9.5
  83. | References:
  84. | - https://wpscan.com/vulnerability/835614a2-ad92-4027-b485-24b39038171d
  85. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
  86. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  87. | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
  88. |
  89. | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
  90. | Fixed in: 4.9.5
  91. | References:
  92. | - https://wpscan.com/vulnerability/01b587e0-0a86-47af-a088-6e5e350e8247
  93. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
  94. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  95. | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
  96. |
  97. | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
  98. | Fixed in: 4.9.5
  99. | References:
  100. | - https://wpscan.com/vulnerability/2b7c77c3-8dbc-4a2a-9ea3-9929c3373557
  101. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
  102. | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
  103. | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
  104. |
  105. | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
  106. | Fixed in: 4.9.7
  107. | References:
  108. | - https://wpscan.com/vulnerability/42ab2bd9-bbb1-4f25-a632-1811c5130bb4
  109. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
  110. | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
  111. | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
  112. | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
  113. | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
  114. | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
  115. |
  116. | [!] Title: WordPress <= 5.0 - Authenticated File Delete
  117. | Fixed in: 4.9.9
  118. | References:
  119. | - https://wpscan.com/vulnerability/e3ef8976-11cb-4854-837f-786f43cbdf44
  120. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
  121. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  122. |
  123. | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
  124. | Fixed in: 4.9.9
  125. | References:
  126. | - https://wpscan.com/vulnerability/999dba5a-82fb-4717-89c3-6ed723cc7e45
  127. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
  128. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  129. | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
  130. |
  131. | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
  132. | Fixed in: 4.9.9
  133. | References:
  134. | - https://wpscan.com/vulnerability/046ff6a0-90b2-4251-98fc-b7fba93f8334
  135. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
  136. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  137. |
  138. | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
  139. | Fixed in: 4.9.9
  140. | References:
  141. | - https://wpscan.com/vulnerability/3182002e-d831-4412-a27d-a5e39bb44314
  142. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
  143. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  144. |
  145. | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
  146. | Fixed in: 4.9.9
  147. | References:
  148. | - https://wpscan.com/vulnerability/7f7a0795-4dd7-417d-804e-54f12595d1e4
  149. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
  150. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  151. | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
  152. |
  153. | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
  154. | Fixed in: 4.9.9
  155. | References:
  156. | - https://wpscan.com/vulnerability/65f1aec4-6d28-4396-88d7-66702b21c7a2
  157. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
  158. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  159. |
  160. | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
  161. | Fixed in: 4.9.9
  162. | References:
  163. | - https://wpscan.com/vulnerability/d741f5ae-52ca-417d-a2ca-acdfb7ca5808
  164. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
  165. | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
  166. | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
  167. |
  168. | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
  169. | Fixed in: 4.9.9
  170. | References:
  171. | - https://wpscan.com/vulnerability/1a693e57-f99c-4df6-93dd-0cdc92fd0526
  172. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
  173. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
  174. | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
  175. | - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
  176. |
  177. | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
  178. | Fixed in: 4.9.10
  179. | References:
  180. | - https://wpscan.com/vulnerability/d150f43f-6030-4191-98b8-20ae05585936
  181. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
  182. | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
  183. | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
  184. | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
  185. |
  186. | [!] Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
  187. | Fixed in: 4.9.11
  188. | References:
  189. | - https://wpscan.com/vulnerability/4494a903-5a73-4cad-8c14-1e7b4da2be61
  190. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222
  191. | - https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
  192. | - https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
  193. | - https://hackerone.com/reports/339483
  194. |
  195. | [!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
  196. | Fixed in: 4.9.12
  197. | References:
  198. | - https://wpscan.com/vulnerability/d39a7b84-28b9-4916-a2fc-6192ceb6fa56
  199. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
  200. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  201. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  202. |
  203. | [!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
  204. | Fixed in: 4.9.12
  205. | References:
  206. | - https://wpscan.com/vulnerability/3413b879-785f-4c9f-aa8a-5a4a1d5e0ba2
  207. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
  208. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  209. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  210. | - https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
  211. | - https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
  212. |
  213. | [!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
  214. | Fixed in: 4.9.12
  215. | References:
  216. | - https://wpscan.com/vulnerability/d005b1f8-749d-438a-8818-21fba45c6465
  217. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
  218. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  219. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  220. |
  221. | [!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
  222. | Fixed in: 4.9.12
  223. | References:
  224. | - https://wpscan.com/vulnerability/7804d8ed-457a-407e-83a7-345d3bbe07b2
  225. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
  226. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  227. | - https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
  228. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  229. |
  230. | [!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
  231. | Fixed in: 4.9.12
  232. | References:
  233. | - https://wpscan.com/vulnerability/26a26de2-d598-405d-b00c-61f71cfacff6
  234. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
  235. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
  236. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  237. | - https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
  238. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  239. |
  240. | [!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
  241. | Fixed in: 4.9.12
  242. | References:
  243. | - https://wpscan.com/vulnerability/715c00e3-5302-44ad-b914-131c162c3f71
  244. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
  245. | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
  246. | - https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
  247. | - https://blog.wpscan.com/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
  248. |
  249. | [!] Title: WordPress <= 5.3 - Authenticated Improper Access Controls in REST API
  250. | Fixed in: 4.9.13
  251. | References:
  252. | - https://wpscan.com/vulnerability/4a6de154-5fbd-4c80-acd3-8902ee431bd8
  253. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20043
  254. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16788
  255. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
  256. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw
  257. |
  258. | [!] Title: WordPress <= 5.3 - Authenticated Stored XSS via Crafted Links
  259. | Fixed in: 4.9.13
  260. | References:
  261. | - https://wpscan.com/vulnerability/23553517-34e3-40a9-a406-f3ffbe9dd265
  262. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20042
  263. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
  264. | - https://hackerone.com/reports/509930
  265. | - https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
  266. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7
  267. |
  268. | [!] Title: WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content
  269. | Fixed in: 4.9.13
  270. | References:
  271. | - https://wpscan.com/vulnerability/be794159-4486-4ae1-a5cc-5c190e5ddf5f
  272. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16781
  273. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16780
  274. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
  275. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
  276. |
  277. | [!] Title: WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
  278. | Fixed in: 4.9.13
  279. | References:
  280. | - https://wpscan.com/vulnerability/8fac612b-95d2-477a-a7d6-e5ec0bb9ca52
  281. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20041
  282. | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
  283. | - https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
  284. |
  285. | [!] Title: WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated
  286. | Fixed in: 4.9.14
  287. | References:
  288. | - https://wpscan.com/vulnerability/7db191c0-d112-4f08-a419-a1cd81928c4e
  289. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11027
  290. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
  291. | - https://core.trac.wordpress.org/changeset/47634/
  292. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
  293. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-ww7v-jg8c-q6jw
  294. |
  295. | [!] Title: WordPress < 5.4.1 - Unauthenticated Users View Private Posts
  296. | Fixed in: 4.9.14
  297. | References:
  298. | - https://wpscan.com/vulnerability/d1e1ba25-98c9-4ae7-8027-9632fb825a56
  299. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11028
  300. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
  301. | - https://core.trac.wordpress.org/changeset/47635/
  302. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
  303. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xhx9-759f-6p2w
  304. |
  305. | [!] Title: WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer
  306. | Fixed in: 4.9.14
  307. | References:
  308. | - https://wpscan.com/vulnerability/4eee26bd-a27e-4509-a3a5-8019dd48e429
  309. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11025
  310. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
  311. | - https://core.trac.wordpress.org/changeset/47633/
  312. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
  313. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-4mhg-j6fx-5g3c
  314. |
  315. | [!] Title: WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache
  316. | Fixed in: 4.9.14
  317. | References:
  318. | - https://wpscan.com/vulnerability/e721d8b9-a38f-44ac-8520-b4a9ed6a5157
  319. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11029
  320. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
  321. | - https://core.trac.wordpress.org/changeset/47637/
  322. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
  323. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-568w-8m88-8g2c
  324. |
  325. | [!] Title: WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads
  326. | Fixed in: 4.9.14
  327. | References:
  328. | - https://wpscan.com/vulnerability/55438b63-5fc9-4812-afc4-2f1eff800d5f
  329. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11026
  330. | - https://wordpress.org/news/2020/04/wordpress-5-4-1/
  331. | - https://core.trac.wordpress.org/changeset/47638/
  332. | - https://www.wordfence.com/blog/2020/04/unpacking-the-7-vulnerabilities-fixed-in-todays-wordpress-5-4-1-security-update/
  333. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-3gw2-4656-pfr2
  334. | - https://hackerone.com/reports/179695
  335. |
  336. | [!] Title: WordPress 4.7-5.7 - Authenticated Password Protected Pages Exposure
  337. | Fixed in: 4.9.17
  338. | References:
  339. | - https://wpscan.com/vulnerability/6a3ec618-c79e-4b9c-9020-86b157458ac5
  340. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29450
  341. | - https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/
  342. | - https://blog.wpscan.com/2021/04/15/wordpress-571-security-vulnerability-release.html
  343. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pmmh-2f36-wvhq
  344. | - https://core.trac.wordpress.org/changeset/50717/
  345. | - https://www.youtube.com/watch?v=J2GXmxAdNWs
  346. |
  347. | [!] Title: WordPress 3.7 to 5.7.1 - Object Injection in PHPMailer
  348. | Fixed in: 4.9.18
  349. | References:
  350. | - https://wpscan.com/vulnerability/4cd46653-4470-40ff-8aac-318bee2f998d
  351. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326
  352. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
  353. | - https://github.com/WordPress/WordPress/commit/267061c9595fedd321582d14c21ec9e7da2dcf62
  354. | - https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/
  355. | - https://github.com/PHPMailer/PHPMailer/commit/e2e07a355ee8ff36aba21d0242c5950c56e4c6f9
  356. | - https://www.wordfence.com/blog/2021/05/wordpress-5-7-2-security-release-what-you-need-to-know/
  357. | - https://www.youtube.com/watch?v=HaW15aMzBUM
  358. |
  359. | [!] Title: WordPress < 5.8 - Plugin Confusion
  360. | Fixed in: 5.8
  361. | References:
  362. | - https://wpscan.com/vulnerability/95e01006-84e4-4e95-b5d7-68ea7b5aa1a8
  363. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44223
  364. | - https://vavkamil.cz/2021/11/25/wordpress-plugin-confusion-update-can-get-you-pwned/
  365. |
  366. | [!] Title: WordPress < 5.8.3 - SQL Injection via WP_Query
  367. | Fixed in: 4.9.19
  368. | References:
  369. | - https://wpscan.com/vulnerability/7f768bcf-ed33-4b22-b432-d1e7f95c1317
  370. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21661
  371. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
  372. | - https://hackerone.com/reports/1378209
  373. |
  374. | [!] Title: WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
  375. | Fixed in: 4.9.19
  376. | References:
  377. | - https://wpscan.com/vulnerability/dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8
  378. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21662
  379. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
  380. | - https://hackerone.com/reports/425342
  381. | - https://blog.sonarsource.com/wordpress-stored-xss-vulnerability
  382. |
  383. | [!] Title: WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query
  384. | Fixed in: 4.9.19
  385. | References:
  386. | - https://wpscan.com/vulnerability/24462ac4-7959-4575-97aa-a6dcceeae722
  387. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21664
  388. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
  389. |
  390. | [!] Title: WordPress < 5.8.3 - Super Admin Object Injection in Multisites
  391. | Fixed in: 4.9.19
  392. | References:
  393. | - https://wpscan.com/vulnerability/008c21ab-3d7e-4d97-b6c3-db9d83f390a7
  394. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21663
  395. | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
  396. | - https://hackerone.com/reports/541469
  397. |
  398. | [!] Title: WordPress < 5.9.2 - Prototype Pollution in jQuery
  399. | Fixed in: 4.9.20
  400. | References:
  401. | - https://wpscan.com/vulnerability/1ac912c1-5e29-41ac-8f76-a062de254c09
  402. | - https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
  403.  
  404. [+] WordPress theme in use: motive
  405. | Location: https://lapinblanc.me/wp-content/themes/motive/
  406. | Readme: https://lapinblanc.me/wp-content/themes/motive/readme.txt
  407. | Style URL: https://lapinblanc.me/wp-content/themes/motive/style.css?ver=4.9.3
  408. | Style Name: Motive
  409. | Style URI: https://themeforest.net/user/themeple/portfolio
  410. | Description: Motive is a multi-niche WordPress theme. Themeple Themes are simple and powerful. Create awesome por...
  411. | Author: Themeple
  412. | Author URI: http://www.themeple.co
  413. |
  414. | Found By: Css Style In Homepage (Passive Detection)
  415. | Confirmed By: Css Style In 404 Page (Passive Detection)
  416. |
  417. | Version: 1.0.5 (80% confidence)
  418. | Found By: Style (Passive Detection)
  419. | - https://lapinblanc.me/wp-content/themes/motive/style.css?ver=4.9.3, Match: 'Version: 1.0.5'
  420.  
  421. [+] Enumerating All Plugins (via Passive Methods)
  422. [+] Checking Plugin Versions (via Passive and Aggressive Methods)
  423.  
  424. [i] Plugin(s) Identified:
  425.  
  426. [+] add-to-any
  427. | Location: https://lapinblanc.me/wp-content/plugins/add-to-any/
  428. | Last Updated: 2022-01-24T22:20:00.000Z
  429. | [!] The version is out of date, the latest version is 1.8.4
  430. |
  431. | Found By: Urls In Homepage (Passive Detection)
  432. | Confirmed By: Urls In 404 Page (Passive Detection)
  433. |
  434. | [!] 2 vulnerabilities identified:
  435. |
  436. | [!] Title: AddToAny < 1.7.46 - Authenticated Stored XSS
  437. | Fixed in: 1.7.46
  438. | References:
  439. | - https://wpscan.com/vulnerability/cf7c0207-adb2-44c6-9469-2b24dbfec83a
  440. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24568
  441. |
  442. | [!] Title: AddToAny Share Buttons < 1.7.48 - Admin+ Stored Cross-Site Scripting
  443. | Fixed in: 1.7.48
  444. | References:
  445. | - https://wpscan.com/vulnerability/04eaf380-c345-425f-8800-142e3f4745a9
  446. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24616
  447. | - https://plugins.trac.wordpress.org/changeset/2609928/
  448. |
  449. | Version: 1.7.25 (100% confidence)
  450. | Found By: Readme - Stable Tag (Aggressive Detection)
  451. | - https://lapinblanc.me/wp-content/plugins/add-to-any/README.txt
  452. | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
  453. | - https://lapinblanc.me/wp-content/plugins/add-to-any/README.txt
  454.  
  455. [+] js_composer
  456. | Location: https://lapinblanc.me/wp-content/plugins/js_composer/
  457. | Last Updated: 2021-12-21T05:29:28.000Z
  458. | [!] The version is out of date, the latest version is 6.8.0
  459. |
  460. | Found By: Urls In Homepage (Passive Detection)
  461. | Confirmed By: Body Tag (Passive Detection)
  462. |
  463. | [!] 1 vulnerability identified:
  464. |
  465. | [!] Title: WPBakery Page Builder < 6.4.1 - Authenticated Stored Cross-Site Scripting (XSS)
  466. | Fixed in: 6.4.1
  467. | References:
  468. | - https://wpscan.com/vulnerability/11285589-1b22-4ec0-adfc-f2add70db4d7
  469. | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28650
  470. | - https://www.wordfence.com/blog/2020/10/vulnerability-exposes-over-4-million-sites-using-wpbakery/
  471. |
  472. | Version: 5.3 (80% confidence)
  473. | Found By: Body Tag (Passive Detection)
  474. | - https://lapinblanc.me/, Match: 'js-comp-ver-5.3'
  475. | Confirmed By: Query Parameter (Passive Detection)
  476. | - https://lapinblanc.me/wp-content/plugins/js_composer/assets/css/js_composer.min.css?ver=5.3
  477. | - https://lapinblanc.me/wp-content/plugins/js_composer/assets/js/dist/js_composer_front.min.js?ver=5.3
  478.  
  479. [+] LayerSlider
  480. | Location: https://lapinblanc.me/wp-content/plugins/LayerSlider/
  481. |
  482. | Found By: Urls In Homepage (Passive Detection)
  483. | Confirmed By:
  484. | Urls In 404 Page (Passive Detection)
  485. | Meta Generator (Passive Detection)
  486. |
  487. | [!] 1 vulnerability identified:
  488. |
  489. | [!] Title: LayerSlider <= 6.2.0 - CSRF / Authenticated Stored XSS & SQL Injection
  490. | Fixed in: 6.2.1
  491. | References:
  492. | - https://wpscan.com/vulnerability/9e426e65-7373-4934-89c3-42d5c1152a74
  493. | - http://wphutte.com/layer-slider-6-1-6-csrf-to-xss-to-sqli-with-poc/
  494. | - https://support.kreaturamedia.com/docs/layersliderwp/documentation.html#release-log
  495. |
  496. | Version: 6.0.6 (90% confidence)
  497. | Found By: Query Parameter (Passive Detection)
  498. | - https://lapinblanc.me/wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.0.6
  499. | - https://lapinblanc.me/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=6.0.6
  500. | - https://lapinblanc.me/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.transitions.js?ver=6.0.6
  501. | Confirmed By: Meta Generator (Passive Detection)
  502. | - https://lapinblanc.me/, Match: 'Powered by LayerSlider 6.0.6 -'
  503.  
  504. [+] revslider
  505. | Location: https://lapinblanc.me/wp-content/plugins/revslider/
  506. | Last Updated: 2022-03-14T08:26:41.000Z
  507. | [!] The version is out of date, the latest version is 6.5.19
  508. |
  509. | Found By: Urls In Homepage (Passive Detection)
  510. | Confirmed By:
  511. | Urls In 404 Page (Passive Detection)
  512. | Comment (Passive Detection)
  513. | Div Data Version (Passive Detection)
  514. | Meta Generator (Passive Detection)
  515. |
  516. | Version: 5.4.6 (100% confidence)
  517. | Found By: Comment (Passive Detection)
  518. | - https://lapinblanc.me/, Match: 'START REVOLUTION SLIDER 5.4.6'
  519. | Confirmed By: Div Data Version (Passive Detection)
  520. | - https://lapinblanc.me/, Match: '5.4.6'
  521.  
  522. [+] Enumerating Config Backups (via Passive and Aggressive Methods)
  523. Checking Config Backups - Time: 00:00:05 <==============================================================================================================> (137 / 137) 100.00% Time: 00:00:05
  524.  
  525. [i] No Config Backups Found.
  526.  
  527. [+] WPScan DB API OK
  528. | Plan: free
  529. | Requests Done (during the scan): 6
  530. | Requests Remaining: 19
  531.  
  532. [+] Finished: Sun Mar 20 09:47:04 2022
  533. [+] Requests Done: 209
  534. [+] Cached Requests: 7
  535. [+] Data Sent: 56.956 KB
  536. [+] Data Received: 19.103 MB
  537. [+] Memory used: 247.531 MB
  538. [+] Elapsed time: 00:00:14