· 6 years ago · Nov 04, 2019, 09:00 PM
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.3
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

Help :

Some values are settable in a config file, see the example.conf.json

--update Update the database to the latest version.
--url | -u <target url> The WordPress URL/domain to scan.
--force | -f Forces WPScan to not check if the remote site is running WordPress.
--enumerate | -e [option(s)] Enumeration.
    option :
    u usernames from id 1 to 10
    u[10-20] usernames from id 10 to 20 (you must write [] chars)
    p plugins
    vp only vulnerable plugins
    ap all plugins (can take a long time)
    tt timthumbs
    t themes
    vt only vulnerable themes
    at all themes (can take a long time)
    Multiple values are allowed : "-e tt,p" will enumerate timthumbs and plugins
    If no option is supplied, the default is "vt,tt,u,vp"

--exclude-content-based "<regexp or string>"
    Used with the enumeration option, will exclude all occurrences based on the regexp or string supplied.
    You do not need to provide the regexp delimiters, but you must write the quotes (simple or double).
--config-file | -c <config file> Use the specified config file, see the example.conf.json.
--user-agent | -a <User-Agent> Use the specified User-Agent.
--cookie <string> String to read cookies from.
--random-agent | -r Use a random User-Agent.
--follow-redirection If the target url has a redirection, it will be followed without asking if you wanted to do so or not
--batch Never ask for user input, use the default behaviour.
--no-color Do not use colors in the output.
--log [filename] Creates a log.txt file with WPScan's output if no filename is supplied. Otherwise the filename is used for logging.
--no-banner Prevents the WPScan banner from being displayed.
--disable-accept-header Prevents WPScan sending the Accept HTTP header.
--disable-referer Prevents setting the Referer header.
--disable-tls-checks Disables SSL/TLS certificate verification.
--wp-content-dir <wp content dir> WPScan try to find the content directory (ie wp-content) by scanning the index page, however you can specify it.
    Subdirectories are allowed.
--wp-plugins-dir <wp plugins dir> Same thing than --wp-content-dir but for the plugins directory.
    If not supplied, WPScan will use wp-content-dir/plugins. Subdirectories are allowed
--proxy <[protocol://]host:port> Supply a proxy. HTTP, SOCKS4 SOCKS4A and SOCKS5 are supported.
    If no protocol is given (format host:port), HTTP will be used.
--proxy-auth <username:password> Supply the proxy login credentials.
--basic-auth <username:password> Set the HTTP Basic authentication.
--wordlist | -w <wordlist> Supply a wordlist for the password brute forcer.
--username | -U <username> Only brute force the supplied username.
--usernames <path-to-file> Only brute force the usernames from the file.
--cache-dir <cache-directory> Set the cache directory.
--cache-ttl <cache-ttl> Typhoeus cache TTL.
--request-timeout <request-timeout> Request Timeout.
--connect-timeout <connect-timeout> Connect Timeout.
--threads | -t <number of threads> The number of threads to use when multi-threading requests.
--max-threads <max-threads> Maximum Threads.
--throttle <milliseconds> Milliseconds to wait before doing another web request. If used, the --threads should be set to 1.
--help | -h This help screen.
--verbose | -v Verbose output.
--version Output the current version and exit.


Examples :

-Further help ...
wpscan --help

-Do 'non-intrusive' checks ...
wpscan --url www.example.com

-Do wordlist password brute force on enumerated users using 50 threads ...
wpscan --url www.example.com --wordlist darkc0de.lst --threads 50

-Do wordlist password brute force on the 'admin' username only ...
wpscan --url www.example.com --wordlist darkc0de.lst --username admin

-Enumerate installed plugins ...
wpscan --url www.example.com --enumerate p

-Enumerate installed themes ...
wpscan --url www.example.com --enumerate t

-Enumerate users ...
wpscan --url www.example.com --enumerate u

-Enumerate installed timthumbs ...
wpscan --url www.example.com --enumerate tt

-Use a HTTP proxy ...
wpscan --url www.example.com --proxy 127.0.0.1:8118

-Use a SOCKS5 proxy ... (cURL >= v7.21.7 needed)
wpscan --url www.example.com --proxy socks5://127.0.0.1:9000

-Use custom content directory ...
wpscan -u www.example.com --wp-content-dir custom-content

-Use custom plugins directory ...
wpscan -u www.example.com --wp-plugins-dir wp-content/custom-plugins

-Update the DB ...
wpscan --update

-Debug output ...
wpscan --url www.example.com --debug-output 2>debug.log

See README for further information.

root@Kali:~#
root@Kali:~# wpscan --url http://51.77.51.19/wordpress/index.php/
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team
                       Version 2.9.3
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o [A]bort, default: [N]Y
[i] Updating the Database ...
[i] Update completed.
[i] The remote host tried to redirect to: http://51.77.51.19/wordpress/index.php/2019/08/13/home/
[?] Do you want follow the redirection ? [Y]es [N]o [A]bort, default: [N]Y
The plugins directory 'wp-content/plugins' does not exist.
You can specify one per command line option (don't forget to include the wp-content directory if needed)
[?] Continue? [Y]es [N]o, default: [N]
Y
[+] URL: http://51.77.51.19/wordpress/index.php/2019/08/13/home/
[+] Started: Mon Nov 4 21:45:40 2019

[+] Interesting header: LINK: <http://51.77.51.19/wordpress/index.php/wp-json/>; rel="https://api.w.org/"
[+] Interesting header: LINK: <http://51.77.51.19/wordpress/?p=4>; rel=shortlink
[+] Interesting header: SERVER: Apache/2.4.29 (Ubuntu)

[+] WordPress version 4.7.1 (Released on 2017-01-11) identified from meta generator
[!] 51 vulnerabilities identified from the version number

[!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
    Reference: https://wpvulndb.com/vulnerabilities/8729
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610
[i] Fixed in: 4.7.2

[!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/8730
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
[i] Fixed in: 4.7.2

[!] Title: WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table
    Reference: https://wpvulndb.com/vulnerabilities/8731
    Reference: https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612
[i] Fixed in: 4.7.2

[!] Title: WordPress 4.7.0-4.7.1 - Unauthenticated Page/Post Content Modification via REST API
    Reference: https://wpvulndb.com/vulnerabilities/8734
    Reference: https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
    Reference: https://blogs.akamai.com/2017/02/wordpress-web-api-vulnerability.html
    Reference: https://gist.github.com/leonjza/2244eb15510a0687ed93160c623762ab
    Reference: https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1001000
    Reference: https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_content_injection
[i] Fixed in: 4.7.2

[!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
    Reference: https://wpvulndb.com/vulnerabilities/8765
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
    Reference: https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
    Reference: https://seclists.org/oss-sec/2017/q1/563
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
    Reference: https://wpvulndb.com/vulnerabilities/8766
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.7.0-4.7.2 - Authenticated Unintended File Deletion in Plugin Delete
    Reference: https://wpvulndb.com/vulnerabilities/8767
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6816
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
    Reference: https://wpvulndb.com/vulnerabilities/8768
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
    Reference: https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.7-4.7.2 - Cross-Site Scripting (XSS) via Taxonomy Term Names
    Reference: https://wpvulndb.com/vulnerabilities/8769
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6818
[i] Fixed in: 4.7.3

[!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
    Reference: https://wpvulndb.com/vulnerabilities/8770
    Reference: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
    Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
    Reference: https://seclists.org/oss-sec/2017/q1/562
    Reference: https://hackerone.com/reports/153093
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
[i] Fixed in: 4.7.3

[!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
    Reference: https://wpvulndb.com/vulnerabilities/8807
    Reference: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
    Reference: https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
    Reference: https://core.trac.wordpress.org/ticket/25239
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295

[!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
    Reference: https://wpvulndb.com/vulnerabilities/8815
    Reference: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
    Reference: https://wpvulndb.com/vulnerabilities/8816
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
    Reference: https://wpvulndb.com/vulnerabilities/8817
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
    Reference: https://wpvulndb.com/vulnerabilities/8818
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
    Reference: https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
    Reference: https://wpvulndb.com/vulnerabilities/8819
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
    Reference: https://hackerone.com/reports/203515
    Reference: https://hackerone.com/reports/203515
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
[i] Fixed in: 4.7.5

[!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
    Reference: https://wpvulndb.com/vulnerabilities/8820
    Reference: https://wordpress.org/news/2017/05/wordpress-4-7-5/
    Reference: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
    Reference: https://wpvulndb.com/vulnerabilities/8905
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
    Reference: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723
[i] Fixed in: 4.7.6

[!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
    Reference: https://wpvulndb.com/vulnerabilities/8906
    Reference: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
    Reference: https://wpvulndb.com/vulnerabilities/8905
[i] Fixed in: 4.7.5

[!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
    Reference: https://wpvulndb.com/vulnerabilities/8910
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://core.trac.wordpress.org/changeset/41398
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
[i] Fixed in: 4.7.6

[!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
    Reference: https://wpvulndb.com/vulnerabilities/8911
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://core.trac.wordpress.org/changeset/41457
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
[i] Fixed in: 4.7.6

[!] Title: WordPress 4.4-4.8.1 - Path Traversal in Customizer
    Reference: https://wpvulndb.com/vulnerabilities/8912
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://core.trac.wordpress.org/changeset/41397
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14722
[i] Fixed in: 4.7.6

[!] Title: WordPress 4.4-4.8.1 - Cross-Site Scripting (XSS) in oEmbed
    Reference: https://wpvulndb.com/vulnerabilities/8913
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://core.trac.wordpress.org/changeset/41448
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14724
[i] Fixed in: 4.7.6

[!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
    Reference: https://wpvulndb.com/vulnerabilities/8914
    Reference: https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
    Reference: https://core.trac.wordpress.org/changeset/41395
    Reference: https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
[i] Fixed in: 4.7.6

[!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
    Reference: https://wpvulndb.com/vulnerabilities/8941
    Reference: https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
    Reference: https://twitter.com/ircmaxell/status/923662170092638208
    Reference: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
[i] Fixed in: 4.7.7

[!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
    Reference: https://wpvulndb.com/vulnerabilities/8966
    Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
[i] Fixed in: 4.7.8

[!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
    Reference: https://wpvulndb.com/vulnerabilities/8967
    Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
[i] Fixed in: 4.7.8

[!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
    Reference: https://wpvulndb.com/vulnerabilities/8968
    Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
[i] Fixed in: 4.7.8

[!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
    Reference: https://wpvulndb.com/vulnerabilities/8969
    Reference: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
[i] Fixed in: 4.7.8

[!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/9006
    Reference: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
    Reference: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
    Reference: https://core.trac.wordpress.org/ticket/42720
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9263
[i] Fixed in: 4.7.9

[!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
    Reference: https://wpvulndb.com/vulnerabilities/9021
    Reference: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
    Reference: https://github.com/quitten/doser.py
    Reference: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389

[!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
    Reference: https://wpvulndb.com/vulnerabilities/9053
    Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
[i] Fixed in: 4.7.10

[!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
    Reference: https://wpvulndb.com/vulnerabilities/9054
    Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
[i] Fixed in: 4.7.10

[!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
    Reference: https://wpvulndb.com/vulnerabilities/9055
    Reference: https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
[i] Fixed in: 4.7.10

[!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
    Reference: https://wpvulndb.com/vulnerabilities/9100
    Reference: https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
    Reference: http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
    Reference: https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
    Reference: https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
    Reference: https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
[i] Fixed in: 4.7.11

[!] Title: WordPress <= 5.0 - Authenticated File Delete
    Reference: https://wpvulndb.com/vulnerabilities/9169
    Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
[i] Fixed in: 4.7.12

[!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
    Reference: https://wpvulndb.com/vulnerabilities/9170
    Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
    Reference: https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
[i] Fixed in: 4.7.12

[!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
    Reference: https://wpvulndb.com/vulnerabilities/9171
    Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
[i] Fixed in: 4.7.12

[!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/9172
    Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
[i] Fixed in: 4.7.12

[!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
    Reference: https://wpvulndb.com/vulnerabilities/9173
    Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
[i] Fixed in: 4.7.12

[!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
    Reference: https://wpvulndb.com/vulnerabilities/9174
    Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
[i] Fixed in: 4.7.12

[!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
    Reference: https://wpvulndb.com/vulnerabilities/9175
    Reference: https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
[i] Fixed in: 4.7.12

[!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
    Reference: https://wpvulndb.com/vulnerabilities/9222
    Reference: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
    Reference: https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
[i] Fixed in: 5.0.1

[!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/9230
    Reference: https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
    Reference: https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
    Reference: https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
[i] Fixed in: 4.7.13

[!] Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
    Reference: https://wpvulndb.com/vulnerabilities/9867
    Reference: https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
    Reference: https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222
[i] Fixed in: 4.7.14

[!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
    Reference: https://wpvulndb.com/vulnerabilities/9908
    Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
    Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
[i] Fixed in: 4.7.15

[!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
    Reference: https://wpvulndb.com/vulnerabilities/9909
    Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
    Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
    Reference: https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
    Reference: https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
[i] Fixed in: 4.7.15

[!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
    Reference: https://wpvulndb.com/vulnerabilities/9910
    Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
    Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
[i] Fixed in: 4.7.15

[!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
    Reference: https://wpvulndb.com/vulnerabilities/9911
    Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
    Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
[i] Fixed in: 4.7.15

[!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
    Reference: https://wpvulndb.com/vulnerabilities/9912
    Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
    Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
[i] Fixed in: 4.7.15

[!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
    Reference: https://wpvulndb.com/vulnerabilities/9913
    Reference: https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
    Reference: https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
    Reference: https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
[i] Fixed in: 4.7.15

[+] WordPress theme in use: twentyseventeen

[+] Name: twentyseventeen
 | Latest version: 2.2
 | Last updated: 2019-05-07T00:00:00.000Z
 | Location: http://51.77.51.19/wordpress/index.php/2019/08/13/home/wp-content/themes/twentyseventeen/
 | Style URL: http://51.77.51.19/wordpress/index.php/2019/08/13/home/wp-content/themes/twentyseventeen/style.css
 | Referenced style.css: http://51.77.51.19/wordpress/wp-content/themes/twentyseventeen/style.css

[+] Enumerating plugins from passive detection ..