· 6 years ago · Apr 09, 2020, 01:02 PM
1wpscan --url http://enterprise.local -e vp vt cb u m --api-token 9USW6KxqY91d7DXaNtDxawBRFqepm1pO1xKyNUsNa8gs | tee wpscan.log
2_______________________________________________________________
3 __ _______ _____
4 \ \ / / __ \ / ____|
5 \ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
6 \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
7 \ /\ / | | ____) | (__| (_| | | | |
8 \/ \/ |_| |_____/ \___|\__,_|_| |_|
9
10 WordPress Security Scanner by the WPScan Team
11 Version 3.7.8
12 Sponsored by Automattic - https://automattic.com/
13 @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
14_______________________________________________________________
15
16[+] URL: http://enterprise.local/
17[+] Started: Thu Apr 9 08:45:32 2020
18
19Interesting Finding(s):
20
21[+] http://enterprise.local/
22 | Interesting Entries:
23 | - Server: Apache/2.4.10 (Debian)
24 | - X-Powered-By: PHP/5.6.31
25 | Found By: Headers (Passive Detection)
26 | Confidence: 100%
27
28[+] http://enterprise.local/xmlrpc.php
29 | Found By: Direct Access (Aggressive Detection)
30 | Confidence: 100%
31 | References:
32 | - http://codex.wordpress.org/XML-RPC_Pingback_API
33 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
34 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
35 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
36 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
37
38[+] http://enterprise.local/readme.html
39 | Found By: Direct Access (Aggressive Detection)
40 | Confidence: 100%
41
42[+] http://enterprise.local/wp-cron.php
43 | Found By: Direct Access (Aggressive Detection)
44 | Confidence: 60%
45 | References:
46 | - https://www.iplocation.net/defend-wordpress-from-ddos
47 | - https://github.com/wpscanteam/wpscan/issues/1299
48
49[+] WordPress version 4.8.1 identified (Insecure, released on 2017-08-02).
50 | Found By: Emoji Settings (Passive Detection)
51 | - http://enterprise.local/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=4.8.1'
52 | Confirmed By: Meta Generator (Passive Detection)
53 | - http://enterprise.local/, Match: 'WordPress 4.8.1'
54 |
55 | [!] 38 vulnerabilities identified:
56 |
57 | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
58 | Fixed in: 4.8.2
59 | References:
60 | - https://wpvulndb.com/vulnerabilities/8905
61 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723
62 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
63 | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
64 | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
65 |
66 | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
67 | Fixed in: 4.8.2
68 | References:
69 | - https://wpvulndb.com/vulnerabilities/8910
70 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
71 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
72 | - https://core.trac.wordpress.org/changeset/41398
73 |
74 | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
75 | Fixed in: 4.8.2
76 | References:
77 | - https://wpvulndb.com/vulnerabilities/8911
78 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
79 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
80 | - https://core.trac.wordpress.org/changeset/41457
81 | - https://hackerone.com/reports/205481
82 |
83 | [!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
84 | Fixed in: 4.8.2
85 | References:
86 | - https://wpvulndb.com/vulnerabilities/8912
87 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
88 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
89 | - https://core.trac.wordpress.org/changeset/41397
90 |
91 | [!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
92 | Fixed in: 4.8.2
93 | References:
94 | - https://wpvulndb.com/vulnerabilities/8913
95 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
96 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
97 | - https://core.trac.wordpress.org/changeset/41448
98 |
99 | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
100 | Fixed in: 4.8.2
101 | References:
102 | - https://wpvulndb.com/vulnerabilities/8914
103 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
104 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
105 | - https://core.trac.wordpress.org/changeset/41395
106 | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
107 |
108 | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
109 | References:
110 | - https://wpvulndb.com/vulnerabilities/8807
111 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
112 | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
113 | - https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
114 | - https://core.trac.wordpress.org/ticket/25239
115 |
116 | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
117 | Fixed in: 4.8.3
118 | References:
119 | - https://wpvulndb.com/vulnerabilities/8941
120 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
121 | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
122 | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
123 | - https://twitter.com/ircmaxell/status/923662170092638208
124 | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
125 |
126 | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
127 | Fixed in: 4.8.4
128 | References:
129 | - https://wpvulndb.com/vulnerabilities/8966
130 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
131 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
132 | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
133 |
134 | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
135 | Fixed in: 4.8.4
136 | References:
137 | - https://wpvulndb.com/vulnerabilities/8967
138 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
139 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
140 | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
141 |
142 | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
143 | Fixed in: 4.8.4
144 | References:
145 | - https://wpvulndb.com/vulnerabilities/8968
146 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
147 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
148 | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
149 |
150 | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
151 | Fixed in: 4.8.4
152 | References:
153 | - https://wpvulndb.com/vulnerabilities/8969
154 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
155 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
156 | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
157 |
158 | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
159 | Fixed in: 4.8.5
160 | References:
161 | - https://wpvulndb.com/vulnerabilities/9006
162 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
163 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9263
164 | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
165 | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
166 | - https://core.trac.wordpress.org/ticket/42720
167 |
168 | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
169 | References:
170 | - https://wpvulndb.com/vulnerabilities/9021
171 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
172 | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
173 | - https://github.com/quitten/doser.py
174 | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
175 |
176 | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
177 | Fixed in: 4.8.6
178 | References:
179 | - https://wpvulndb.com/vulnerabilities/9053
180 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
181 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
182 | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
183 |
184 | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
185 | Fixed in: 4.8.6
186 | References:
187 | - https://wpvulndb.com/vulnerabilities/9054
188 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
189 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
190 | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
191 |
192 | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
193 | Fixed in: 4.8.6
194 | References:
195 | - https://wpvulndb.com/vulnerabilities/9055
196 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
197 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
198 | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
199 |
200 | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
201 | Fixed in: 4.8.7
202 | References:
203 | - https://wpvulndb.com/vulnerabilities/9100
204 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
205 | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
206 | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
207 | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
208 | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
209 | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
210 |
211 | [!] Title: WordPress <= 5.0 - Authenticated File Delete
212 | Fixed in: 4.8.8
213 | References:
214 | - https://wpvulndb.com/vulnerabilities/9169
215 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
216 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
217 |
218 | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
219 | Fixed in: 4.8.8
220 | References:
221 | - https://wpvulndb.com/vulnerabilities/9170
222 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
223 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
224 | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
225 |
226 | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
227 | Fixed in: 4.8.8
228 | References:
229 | - https://wpvulndb.com/vulnerabilities/9171
230 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
231 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
232 |
233 | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
234 | Fixed in: 4.8.8
235 | References:
236 | - https://wpvulndb.com/vulnerabilities/9172
237 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
238 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
239 |
240 | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
241 | Fixed in: 4.8.8
242 | References:
243 | - https://wpvulndb.com/vulnerabilities/9173
244 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
245 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
246 | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
247 |
248 | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
249 | Fixed in: 4.8.8
250 | References:
251 | - https://wpvulndb.com/vulnerabilities/9174
252 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
253 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
254 |
255 | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
256 | Fixed in: 4.8.8
257 | References:
258 | - https://wpvulndb.com/vulnerabilities/9175
259 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
260 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
261 | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
262 |
263 | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
264 | Fixed in: 5.0.1
265 | References:
266 | - https://wpvulndb.com/vulnerabilities/9222
267 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
268 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
269 | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
270 | - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
271 |
272 | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
273 | Fixed in: 4.8.9
274 | References:
275 | - https://wpvulndb.com/vulnerabilities/9230
276 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
277 | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
278 | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
279 | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
280 |
281 | [!] Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
282 | Fixed in: 4.8.10
283 | References:
284 | - https://wpvulndb.com/vulnerabilities/9867
285 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222
286 | - https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
287 | - https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
288 | - https://hackerone.com/reports/339483
289 |
290 | [!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
291 | Fixed in: 4.8.11
292 | References:
293 | - https://wpvulndb.com/vulnerabilities/9908
294 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
295 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
296 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
297 |
298 | [!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
299 | Fixed in: 4.8.11
300 | References:
301 | - https://wpvulndb.com/vulnerabilities/9909
302 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
303 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
304 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
305 | - https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
306 | - https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
307 |
308 | [!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
309 | Fixed in: 4.8.11
310 | References:
311 | - https://wpvulndb.com/vulnerabilities/9910
312 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
313 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
314 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
315 |
316 | [!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
317 | Fixed in: 4.8.11
318 | References:
319 | - https://wpvulndb.com/vulnerabilities/9911
320 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
321 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
322 | - https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
323 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
324 |
325 | [!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
326 | Fixed in: 4.8.11
327 | References:
328 | - https://wpvulndb.com/vulnerabilities/9912
329 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
330 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
331 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
332 | - https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
333 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
334 |
335 | [!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
336 | Fixed in: 4.8.11
337 | References:
338 | - https://wpvulndb.com/vulnerabilities/9913
339 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
340 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
341 | - https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
342 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
343 |
344 | [!] Title: WordPress <= 5.3 - Improper Access Controls in REST API
345 | Fixed in: 4.8.12
346 | References:
347 | - https://wpvulndb.com/vulnerabilities/9973
348 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20043
349 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16788
350 | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
351 | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-g7rg-hchx-c2gw
352 |
353 | [!] Title: WordPress <= 5.3 - Stored XSS via Crafted Links
354 | Fixed in: 4.8.12
355 | References:
356 | - https://wpvulndb.com/vulnerabilities/9975
357 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20042
358 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16773
359 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16773
360 | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
361 | - https://hackerone.com/reports/509930
362 | - https://github.com/WordPress/wordpress-develop/commit/1f7f3f1f59567e2504f0fbebd51ccf004b3ccb1d
363 | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-xvg2-m2f4-83m7
364 |
365 | [!] Title: WordPress <= 5.3 - Stored XSS via Block Editor Content
366 | Fixed in: 4.8.12
367 | References:
368 | - https://wpvulndb.com/vulnerabilities/9976
369 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16781
370 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16780
371 | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
372 | - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-pg4x-64rh-3c9v
373 |
374 | [!] Title: WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass
375 | Fixed in: 4.8.12
376 | References:
377 | - https://wpvulndb.com/vulnerabilities/10004
378 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20041
379 | - https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/
380 | - https://github.com/WordPress/wordpress-develop/commit/b1975463dd995da19bb40d3fa0786498717e3c53
381
382[i] The main theme could not be detected.
383
384[+] Enumerating Vulnerable Plugins (via Passive Methods)
385
386[i] No plugins Found.
387
388[+] WPVulnDB API OK
389 | Plan: free
390 | Requests Done (during the scan): 1
391 | Requests Remaining: 49
392
393[+] Finished: Thu Apr 9 08:45:49 2020
394[+] Requests Done: 26
395[+] Cached Requests: 4
396[+] Data Sent: 6.411 KB
397[+] Data Received: 147.806 KB
398[+] Memory used: 167.464 MB
399[+] Elapsed time: 00:00:16