WPscan WAS

a guest
Sep 4th, 2018
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.4
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

[+] URL: https://wearechange.org/
[+] Started: Wed Sep 5 02:35:01 2018

[+] Interesting header: LINK: </wp-content/cache/minify/41aaf.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/853fc.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/1d222.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/51398.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/b575d.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/e7cc1.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/6ce07.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/29e8b.js>; rel=preload; as=script
[+] Interesting header: LINK: </wp-content/cache/minify/bb3b4.css>; rel=preload; as=style
[+] Interesting header: LINK: </wp-content/cache/minify/cf0b0.css>; rel=preload; as=style
[+] Interesting header: REFERRER-POLICY: same-origin
[+] Interesting header: SERVER: nginx
[+] Interesting header: STRICT-TRANSPORT-SECURITY: max-age=31536000
[+] Interesting header: X-CONTENT-TYPE-OPTIONS: nosniff
[+] Interesting header: X-FRAME-OPTIONS: SAMEORIGIN
[+] Interesting header: X-POWERED-BY: W3 Total Cache/0.9.7
[+] Interesting header: X-PROXY-CACHE: MISS
[+] Interesting header: X-XSS-PROTECTION: 1; mode=block
[+] robots.txt available under: https://wearechange.org/robots.txt [HTTP 200]
[+] Interesting entry from robots.txt: https://wearechange.org/cgi-bin/ [HTTP 404]
[+] Interesting entry from robots.txt: https://wearechange.org/search/ [HTTP 404]
[+] Interesting entry from robots.txt: https://wearechange.org/tag/ [HTTP 301]
[+] Interesting entry from robots.txt: https://wearechange.org/trackback/ [HTTP 404]
[+] Interesting entry from robots.txt: https://wearechange.org/wp-content/gallery/ [HTTP 403]
[+] Interesting entry from robots.txt: https://wearechange.org/wp-content/uploads/ [HTTP 403]
[+] Interesting entry from robots.txt: https://wearechange.org/wp-content/uploads/pb_backupbuddy/ [HTTP 200]
[+] Interesting entry from robots.txt: https://wearechange.org/wp-content/uploads/wc-logs/ [HTTP 403]
[+] Interesting entry from robots.txt: https://wearechange.org/xmlrpc.php [HTTP 403]
[+] Sitemap found: https://wearechange.org/robots.txt [HTTP 200]
[+] Sitemap entry: https://wearechange.org/author-sitemap.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/page-sitemap.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/post-sitemap1.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/post-sitemap2.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/post-sitemap3.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/post-sitemap4.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/post-sitemap5.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/post-sitemap6.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/post-sitemap7.xml [HTTP 200]
[+] Sitemap entry: https://wearechange.org/sitemap_index.xml [HTTP 200]
[+] Found an RSS Feed: https://wearechange.org/feed/ [HTTP 403]
[!] Missing Author field. Maybe non-standard WordPress RSS feed?

[+] Enumerating WordPress version ...

[+] WordPress version 4.9.8 (Released on 2018-08-02) identified from advanced fingerprinting

[+] WordPress theme in use: Extra - v2.7.1

[+] Name: Extra - v2.7.1
| Location: https://wearechange.org/wp-content/themes/Extra/
| Readme: https://wearechange.org/wp-content/themes/Extra/README.md
| Changelog: https://wearechange.org/wp-content/themes/Extra/changelog.txt
| Style URL: https://wearechange.org/wp-content/themes/Extra/style.css
| Theme Name: Extra
| Theme URI: http://www.elegantthemes.com/gallery/extra/
| Description: Extra
| Author: Elegant Themes
| Author URI: http://www.elegantthemes.com

[+] Enumerating plugins from passive detection ...
| 10 plugins found:

[+] Name: ajax-search-lite
| Latest version: 4.7.16
| Last updated: 2018-07-10T12:30:00.000Z
| Location: https://wearechange.org/wp-content/plugins/ajax-search-lite/
| Readme: https://wearechange.org/wp-content/plugins/ajax-search-lite/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/ajax-search-lite/changelog.md

[!] We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.

[!] Title: Ajax Search Lite <= 3.1 - Authenticated RCE
Reference: https://wpvulndb.com/vulnerabilities/7858
Reference: http://web.archive.org/web/20150619084745/http://research.evex.pw/?vuln=9
[i] Fixed in: 3.11

[+] Name: bloom
| Latest version: 1.0.4
| Last updated: 2016-04-14T16:53:00.000Z
| Location: https://wearechange.org/wp-content/plugins/bloom/
| Readme: https://wearechange.org/wp-content/plugins/bloom/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/bloom/changelog.txt

[!] We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.

[!] Title: ElegantThemes - Privilege Escalation
Reference: https://wpvulndb.com/vulnerabilities/8394
Reference: http://www.pritect.net/blog/elegant-themes-security-vulnerability
Reference: http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
[i] Fixed in: 1.1.1

[+] Name: disqus-comment-system - v3.0.16
| Latest version: 3.0.16 (up to date)
| Last updated: 2018-05-25T18:25:00.000Z
| Location: https://wearechange.org/wp-content/plugins/disqus-comment-system/
| Readme: https://wearechange.org/wp-content/plugins/disqus-comment-system/README.txt
| Changelog: https://wearechange.org/wp-content/plugins/disqus-comment-system/changelog.md

[+] Name: disqus-recent-comments-widget
| Latest version: 1.2
| Last updated: 2014-09-22T01:54:00.000Z
| Location: https://wearechange.org/wp-content/plugins/disqus-recent-comments-widget/
| Readme: https://wearechange.org/wp-content/plugins/disqus-recent-comments-widget/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/disqus-recent-comments-widget/changelog.md

[+] Name: divi-booster
| Location: https://wearechange.org/wp-content/plugins/divi-booster/
| Readme: https://wearechange.org/wp-content/plugins/divi-booster/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/divi-booster/changelog.md

[+] Name: emember-extra-login-shortcodes
| Location: https://wearechange.org/wp-content/plugins/emember-extra-login-shortcodes/
| Readme: https://wearechange.org/wp-content/plugins/emember-extra-login-shortcodes/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/emember-extra-login-shortcodes/changelog.md

[+] Name: instagram-feed - v1.9.1
| Latest version: 1.9.1 (up to date)
| Last updated: 2018-07-02T21:19:00.000Z
| Location: https://wearechange.org/wp-content/plugins/instagram-feed/
| Readme: https://wearechange.org/wp-content/plugins/instagram-feed/README.txt
| Changelog: https://wearechange.org/wp-content/plugins/instagram-feed/changelog.md

[+] Name: monarch
| Location: https://wearechange.org/wp-content/plugins/monarch/
| Readme: https://wearechange.org/wp-content/plugins/monarch/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/monarch/changelog.txt

[!] We could not determine the version installed. All of the past known vulnerabilities will be output to allow you to do your own manual investigation.

[!] Title: ElegantThemes - Privilege Escalation
Reference: https://wpvulndb.com/vulnerabilities/8394
Reference: http://www.pritect.net/blog/elegant-themes-security-vulnerability
Reference: http://wptavern.com/critical-security-vulnerability-discovered-in-elegant-themes-products
[i] Fixed in: 1.2.7

[+] Name: wp-eMember
| Location: https://wearechange.org/wp-content/plugins/wp-eMember/
| Readme: https://wearechange.org/wp-content/plugins/wp-eMember/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/wp-eMember/changelog.md

[+] Name: w3-total-cache - v0.9.7
| Latest version: 0.9.7 (up to date)
| Last updated: 2018-04-25T21:31:00.000Z
| Location: https://wearechange.org/wp-content/plugins/w3-total-cache/
| Readme: https://wearechange.org/wp-content/plugins/w3-total-cache/readme.md
| Changelog: https://wearechange.org/wp-content/plugins/w3-total-cache/changelog.txt

[+] Finished: Wed Sep 5 02:37:07 2018
[+] Elapsed time: 00:02:06
[+] Requests made: 163
[+] Memory used: 143.781 MB