Nov 07, 2019, 06:16 PM
root@pc:~# wpscan --url 51.77.51.19/wordpress
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.6.3
          Sponsored by Sucuri - https://sucuri.net
      @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

[+] URL: http://51.77.51.19/wordpress/
[+] Started: Thu Nov 7 13:12:19 2019

Interesting Finding(s):

[+] http://51.77.51.19/wordpress/
 | Interesting Entry: Server: Apache/2.4.29 (Ubuntu)
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] http://51.77.51.19/wordpress/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 | - http://codex.wordpress.org/XML-RPC_Pingback_API
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] http://51.77.51.19/wordpress/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] http://51.77.51.19/wordpress/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 | - https://www.iplocation.net/defend-wordpress-from-ddos
 | - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.7.1 identified (Insecure, released on 2017-01-11).
 | Detected By: Rss Generator (Passive Detection)
 | - http://51.77.51.19/wordpress/index.php/feed/, <generator>https://wordpress.org/?v=4.7.1</generator>
 | - http://51.77.51.19/wordpress/index.php/comments/feed/, <generator>https://wordpress.org/?v=4.7.1</generator>
 |
 | [!] 51 vulnerabilities identified:
 |
 | [!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
 | Fixed in: 4.7.2
 | References:
 | - https://wpvulndb.com/vulnerabilities/8729
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610
 | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
 | - https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
 |
 | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
 | Fixed in: 4.7.2
 | References:
 | - https://wpvulndb.com/vulnerabilities/8730
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
 | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
 | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
 |
 | [!] Title: WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table
 | Fixed in: 4.7.2
 | References:
 | - https://wpvulndb.com/vulnerabilities/8731
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612
 | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
 | - https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
 |
 | [!] Title: WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API
 | Fixed in: 4.7.2
 | References:
 | - https://wpvulndb.com/vulnerabilities/8734
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1001000
 | - https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
 | - https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html
 | - https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab
 | - https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_content_injection
 |
 | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
 | Fixed in: 4.7.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8765
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
 | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
 | - https://seclists.org/oss-sec/2017/q1/563
 |
 | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
 | Fixed in: 4.7.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8766
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
 |
 | [!] Title: WordPress 4.7.0-4.7.2 - Authenticated Unintended File Deletion in Plugin Delete
 | Fixed in: 4.7.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8767
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6816
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
 |
 | [!] Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
 | Fixed in: 4.7.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8768
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
 | - https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
 |
 | [!] Title: WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names
 | Fixed in: 4.7.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8769
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6818
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
 |
 | [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
 | Fixed in: 4.7.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8770
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
 | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
 | - https://seclists.org/oss-sec/2017/q1/562
 | - https://hackerone.com/reports/153093
 |
 | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
 | References:
 | - https://wpvulndb.com/vulnerabilities/8807
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
 | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
 | - https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
 | - https://core.trac.wordpress.org/ticket/25239
 |
 | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8815
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
 | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 |
 | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8816
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
 |
 | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8817
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
 |
 | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8818
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
 | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
 |
 | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8819
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
 | - https://hackerone.com/reports/203515
 | - https://hackerone.com/reports/203515
 |
 | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8820
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
 |
 | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
 | Fixed in: 4.7.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8905
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
 |
 | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8906
 | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 | - https://wpvulndb.com/vulnerabilities/8905
 |
 | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
 | Fixed in: 4.7.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8910
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41398
 |
 | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
 | Fixed in: 4.7.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8911
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41457
 |
 | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
 | Fixed in: 4.7.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8912
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41397
 |
 | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
 | Fixed in: 4.7.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8913
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41448
 |
 | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
 | Fixed in: 4.7.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8914
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41395
 | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
 |
 | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
 | Fixed in: 4.7.7
 | References:
 | - https://wpvulndb.com/vulnerabilities/8941
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
 | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
 | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
 | - https://twitter.com/ircmaxell/status/923662170092638208
 | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
 |
 | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
 | Fixed in: 4.7.8
 | References:
 | - https://wpvulndb.com/vulnerabilities/8966
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
 |
 | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
 | Fixed in: 4.7.8
 | References:
 | - https://wpvulndb.com/vulnerabilities/8967
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
 |
 | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
 | Fixed in: 4.7.8
 | References:
 | - https://wpvulndb.com/vulnerabilities/8968
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
 |
 | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
 | Fixed in: 4.7.8
 | References:
 | - https://wpvulndb.com/vulnerabilities/8969
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
 |
 | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
 | Fixed in: 4.7.9
 | References:
 | - https://wpvulndb.com/vulnerabilities/9006
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9263
 | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
 | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/ticket/42720
 |
 | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
 | References:
 | - https://wpvulndb.com/vulnerabilities/9021
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
 | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
 | - https://github.com/quitten/doser.py
 | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
 |
 | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
 | Fixed in: 4.7.10
 | References:
 | - https://wpvulndb.com/vulnerabilities/9053
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
 |
 | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
 | Fixed in: 4.7.10
 | References:
 | - https://wpvulndb.com/vulnerabilities/9054
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
 |
 | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
 | Fixed in: 4.7.10
 | References:
 | - https://wpvulndb.com/vulnerabilities/9055
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
 |
 | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
 | Fixed in: 4.7.11
 | References:
 | - https://wpvulndb.com/vulnerabilities/9100
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
 | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
 | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
 | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
 | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
 | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
 |
 | [!] Title: WordPress <= 5.0 - Authenticated File Delete
 | Fixed in: 4.7.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/9169
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
 | Fixed in: 4.7.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/9170
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
 |
 | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
 | Fixed in: 4.7.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/9171
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
 | Fixed in: 4.7.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/9172
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
 | Fixed in: 4.7.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/9173
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
 |
 | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
 | Fixed in: 4.7.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/9174
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
 | Fixed in: 4.7.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/9175
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
 |
 | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
 | Fixed in: 5.0.1
 | References:
 | - https://wpvulndb.com/vulnerabilities/9222
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
 | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
 | - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
 |
 | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
 | Fixed in: 4.7.13
 | References:
 | - https://wpvulndb.com/vulnerabilities/9230
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
 | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
 | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
 | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
 |
 | [!] Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
 | Fixed in: 4.7.14
 | References:
 | - https://wpvulndb.com/vulnerabilities/9867
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222
 | - https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
 |
 | [!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
 | Fixed in: 4.7.15
 | References:
 | - https://wpvulndb.com/vulnerabilities/9908
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
 | Fixed in: 4.7.15
 | References:
 | - https://wpvulndb.com/vulnerabilities/9909
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 | - https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
 | - https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
 |
 | [!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
 | Fixed in: 4.7.15
 | References:
 | - https://wpvulndb.com/vulnerabilities/9910
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
 | Fixed in: 4.7.15
 | References:
 | - https://wpvulndb.com/vulnerabilities/9911
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
 | Fixed in: 4.7.15
 | References:
 | - https://wpvulndb.com/vulnerabilities/9912
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
 | Fixed in: 4.7.15
 | References:
 | - https://wpvulndb.com/vulnerabilities/9913
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

[+] WordPress theme in use: twentyseventeen
 | Location: http://51.77.51.19/wordpress/wp-content/themes/twentyseventeen/
 | Last Updated: 2019-05-07T00:00:00.000Z
 | Readme: http://51.77.51.19/wordpress/wp-content/themes/twentyseventeen/README.txt
 | [!] The version is out of date, the latest version is 2.2
 | Style URL: http://51.77.51.19/wordpress/wp-content/themes/twentyseventeen/style.css?ver=4.7.1
 | Style Name: Twenty Seventeen
 | Style URI: https://wordpress.org/themes/twentyseventeen/
 | Description: Twenty Seventeen brings your site to life with header video and immersive featured images. With a fo...
 | Author: the WordPress team
 | Author URI: https://wordpress.org/
 |
 | Detected By: Css Style (Passive Detection)
 |
 | Version: 1.1 (80% confidence)
 | Detected By: Style (Passive Detection)
 | - http://51.77.51.19/wordpress/wp-content/themes/twentyseventeen/style.css?ver=4.7.1, Match: 'Version: 1.1'

[+] Enumerating All Plugins (via Passive Methods)

[i] No plugins Found.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:00 <===> (21 / 21) 100.00% Time: 00:00:00

[i] No Config Backups Found.


[+] Finished: Thu Nov 7 13:12:24 2019
[+] Requests Done: 50
[+] Cached Requests: 5
[+] Data Sent: 11.757 KB
[+] Data Received: 295.76 KB
[+] Memory used: 200.781 MB
[+] Elapsed time: 00:00:05