Dec 12, 2019, 07:58 PM
<--- V4CUUM --->

_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.7.5
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @_FireFart_
_______________________________________________________________

[+] URL: http://www.tatianahajduk.com/
[+] Started: Thu Dec 12 20:54:22 2019

Interesting Finding(s):

[+] http://www.tatianahajduk.com/
 | Interesting Entry: Server: LiteSpeed
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] http://www.tatianahajduk.com/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] http://www.tatianahajduk.com/xmlrpc.php
 | Found By: Headers (Passive Detection)
 | Confidence: 100%
 | Confirmed By:
 | - Link Tag (Passive Detection), 30% confidence
 | - Direct Access (Aggressive Detection), 100% confidence
 | References:
 | - http://codex.wordpress.org/XML-RPC_Pingback_API
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] http://www.tatianahajduk.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] http://www.tatianahajduk.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 | - https://www.iplocation.net/defend-wordpress-from-ddos
 | - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 4.3 identified (Insecure, released on 2015-08-18).
 | Found By: Rss Generator (Passive Detection)
 | - http://www.tatianahajduk.com/feed/, <generator>http://wordpress.org/?v=4.3</generator>
 | - http://www.tatianahajduk.com/comments/feed/, <generator>http://wordpress.org/?v=4.3</generator>
 |
 | [!] 68 vulnerabilities identified:
 |
 | [!] Title: WordPress <= 4.3 - Authenticated Shortcode Tags Cross-Site Scripting (XSS)
 | Fixed in: 4.3.1
 | References:
 | - https://wpvulndb.com/vulnerabilities/8186
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5714
 | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
 | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
 | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
 |
 | [!] Title: WordPress <= 4.3 - User List Table Cross-Site Scripting (XSS)
 | Fixed in: 4.3.1
 | References:
 | - https://wpvulndb.com/vulnerabilities/8187
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7989
 | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
 | - https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
 |
 | [!] Title: WordPress <= 4.3 - Publish Post & Mark as Sticky Permission Issue
 | Fixed in: 4.3.1
 | References:
 | - https://wpvulndb.com/vulnerabilities/8188
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5715
 | - https://wordpress.org/news/2015/09/wordpress-4-3-1/
 | - http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/
 | - http://blog.knownsec.com/2015/09/wordpress-vulnerability-analysis-cve-2015-5714-cve-2015-5715/
 |
 | [!] Title: WordPress 3.7-4.4 - Authenticated Cross-Site Scripting (XSS)
 | Fixed in: 4.3.2
 | References:
 | - https://wpvulndb.com/vulnerabilities/8358
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1564
 | - https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
 |
 | [!] Title: WordPress 3.7-4.4.1 - Local URIs Server Side Request Forgery (SSRF)
 | Fixed in: 4.3.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8376
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2222
 | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/36435
 | - https://hackerone.com/reports/110801
 |
 | [!] Title: WordPress 3.7-4.4.1 - Open Redirect
 | Fixed in: 4.3.3
 | References:
 | - https://wpvulndb.com/vulnerabilities/8377
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2221
 | - https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/36444
 |
 | [!] Title: WordPress <= 4.4.2 - SSRF Bypass using Octal & Hexedecimal IP addresses
 | Fixed in: 4.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8473
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4029
 | - https://codex.wordpress.org/Version_4.5
 | - https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
 |
 | [!] Title: WordPress <= 4.4.2 - Reflected XSS in Network Settings
 | Fixed in: 4.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8474
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6634
 | - https://codex.wordpress.org/Version_4.5
 | - https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
 |
 | [!] Title: WordPress <= 4.4.2 - Script Compression Option CSRF
 | Fixed in: 4.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8475
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6635
 | - https://codex.wordpress.org/Version_4.5
 |
 | [!] Title: WordPress 4.2-4.5.1 - MediaElement.js Reflected Cross-Site Scripting (XSS)
 | Fixed in: 4.5.2
 | References:
 | - https://wpvulndb.com/vulnerabilities/8488
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4567
 | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
 | - https://github.com/WordPress/WordPress/commit/a493dc0ab5819c8b831173185f1334b7c3e02e36
 | - https://gist.github.com/cure53/df34ea68c26441f3ae98f821ba1feb9c
 |
 | [!] Title: WordPress <= 4.5.1 - Pupload Same Origin Method Execution (SOME)
 | Fixed in: 4.3.4
 | References:
 | - https://wpvulndb.com/vulnerabilities/8489
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4566
 | - https://wordpress.org/news/2016/05/wordpress-4-5-2/
 | - https://github.com/WordPress/WordPress/commit/c33e975f46a18f5ad611cf7e7c24398948cecef8
 | - https://gist.github.com/cure53/09a81530a44f6b8173f545accc9ed07e
 |
 | [!] Title: WordPress 4.2-4.5.2 - Authenticated Attachment Name Stored XSS
 | Fixed in: 4.3.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8518
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5833
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5834
 | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
 | - https://github.com/WordPress/WordPress/commit/4372cdf45d0f49c74bbd4d60db7281de83e32648
 |
 | [!] Title: WordPress 3.6-4.5.2 - Authenticated Revision History Information Disclosure
 | Fixed in: 4.3.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8519
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5835
 | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
 | - https://github.com/WordPress/WordPress/commit/a2904cc3092c391ac7027bc87f7806953d1a25a1
 | - https://www.wordfence.com/blog/2016/06/wordpress-core-vulnerability-bypass-password-protected-posts/
 |
 | [!] Title: WordPress 2.6.0-4.5.2 - Unauthorized Category Removal from Post
 | Fixed in: 4.3.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8520
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5837
 | - https://wordpress.org/news/2016/06/wordpress-4-5-3/
 | - https://github.com/WordPress/WordPress/commit/6d05c7521baa980c4efec411feca5e7fab6f307c
 |
 | [!] Title: WordPress 2.5-4.6 - Authenticated Stored Cross-Site Scripting via Image Filename
 | Fixed in: 4.3.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8615
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7168
 | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/c9e60dab176635d4bfaaf431c0ea891e4726d6e0
 | - https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_vulnerability_in_wordpress_due_to_unsafe_processing_of_file_names.html
 | - https://seclists.org/fulldisclosure/2016/Sep/6
 |
 | [!] Title: WordPress 2.8-4.6 - Path Traversal in Upgrade Package Uploader
 | Fixed in: 4.3.6
 | References:
 | - https://wpvulndb.com/vulnerabilities/8616
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7169
 | - https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/54720a14d85bc1197ded7cb09bd3ea790caa0b6e
 |
 | [!] Title: WordPress 4.3-4.7 - Remote Code Execution (RCE) in PHPMailer
 | Fixed in: 4.3.7
 | References:
 | - https://wpvulndb.com/vulnerabilities/8714
 | - https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/
 | - https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
 | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/24767c76d359231642b0ab48437b64e8c6c7f491
 | - http://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
 | - https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_phpmailer_host_header
 |
 | [!] Title: WordPress 2.9-4.7 - Authenticated Cross-Site scripting (XSS) in update-core.php
 | Fixed in: 4.3.7
 | References:
 | - https://wpvulndb.com/vulnerabilities/8716
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5488
 | - https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
 | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
 |
 | [!] Title: WordPress 3.4-4.7 - Stored Cross-Site Scripting (XSS) via Theme Name fallback
 | Fixed in: 4.3.7
 | References:
 | - https://wpvulndb.com/vulnerabilities/8718
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5490
 | - https://www.mehmetince.net/low-severity-wordpress/
 | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
 |
 | [!] Title: WordPress <= 4.7 - Post via Email Checks mail.example.com by Default
 | Fixed in: 4.3.7
 | References:
 | - https://wpvulndb.com/vulnerabilities/8719
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5491
 | - https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
 | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
 |
 | [!] Title: WordPress 2.8-4.7 - Accessibility Mode Cross-Site Request Forgery (CSRF)
 | Fixed in: 4.3.7
 | References:
 | - https://wpvulndb.com/vulnerabilities/8720
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5492
 | - https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
 | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
 |
 | [!] Title: WordPress 3.0-4.7 - Cryptographically Weak Pseudo-Random Number Generator (PRNG)
 | Fixed in: 4.3.7
 | References:
 | - https://wpvulndb.com/vulnerabilities/8721
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5493
 | - https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
 | - https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
 |
 | [!] Title: WordPress 4.2.0-4.7.1 - Press This UI Available to Unauthorised Users
 | Fixed in: 4.3.8
 | References:
 | - https://wpvulndb.com/vulnerabilities/8729
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5610
 | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
 | - https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
 |
 | [!] Title: WordPress 3.5-4.7.1 - WP_Query SQL Injection
 | Fixed in: 4.3.8
 | References:
 | - https://wpvulndb.com/vulnerabilities/8730
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5611
 | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
 | - https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
 |
 | [!] Title: WordPress 4.3.0-4.7.1 - Cross-Site Scripting (XSS) in posts list table
 | Fixed in: 4.3.8
 | References:
 | - https://wpvulndb.com/vulnerabilities/8731
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5612
 | - https://wordpress.org/news/2017/01/wordpress-4-7-2-security-release/
 | - https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
 |
 | [!] Title: WordPress 3.6.0-4.7.2 - Authenticated Cross-Site Scripting (XSS) via Media File Metadata
 | Fixed in: 4.3.9
 | References:
 | - https://wpvulndb.com/vulnerabilities/8765
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6814
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
 | - https://sumofpwn.nl/advisory/2016/wordpress_audio_playlist_functionality_is_affected_by_cross_site_scripting.html
 | - https://seclists.org/oss-sec/2017/q1/563
 |
 | [!] Title: WordPress 2.8.1-4.7.2 - Control Characters in Redirect URL Validation
 | Fixed in: 4.3.9
 | References:
 | - https://wpvulndb.com/vulnerabilities/8766
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6815
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
 |
 | [!] Title: WordPress 4.0-4.7.2 - Authenticated Stored Cross-Site Scripting (XSS) in YouTube URL Embeds
 | Fixed in: 4.3.9
 | References:
 | - https://wpvulndb.com/vulnerabilities/8768
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6817
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
 | - https://blog.sucuri.net/2017/03/stored-xss-in-wordpress-core.html
 |
 | [!] Title: WordPress 4.2-4.7.2 - Press This CSRF DoS
 | Fixed in: 4.3.9
 | References:
 | - https://wpvulndb.com/vulnerabilities/8770
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6819
 | - https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
 | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_press_this_function_allows_dos.html
 | - https://seclists.org/oss-sec/2017/q1/562
 | - https://hackerone.com/reports/153093
 |
 | [!] Title: WordPress 2.3-4.8.3 - Host Header Injection in Password Reset
 | References:
 | - https://wpvulndb.com/vulnerabilities/8807
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8295
 | - https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
 | - https://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
 | - https://core.trac.wordpress.org/ticket/25239
 |
 | [!] Title: WordPress 2.7.0-4.7.4 - Insufficient Redirect Validation
 | Fixed in: 4.3.11
 | References:
 | - https://wpvulndb.com/vulnerabilities/8815
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9066
 | - https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 |
 | [!] Title: WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC
 | Fixed in: 4.3.11
 | References:
 | - https://wpvulndb.com/vulnerabilities/8816
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9062
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
 |
 | [!] Title: WordPress 3.4.0-4.7.4 - XML-RPC Post Meta Data Lack of Capability Checks
 | Fixed in: 4.3.11
 | References:
 | - https://wpvulndb.com/vulnerabilities/8817
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9065
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
 |
 | [!] Title: WordPress 2.5.0-4.7.4 - Filesystem Credentials Dialog CSRF
 | Fixed in: 4.3.11
 | References:
 | - https://wpvulndb.com/vulnerabilities/8818
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9064
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
 | - https://sumofpwn.nl/advisory/2016/cross_site_request_forgery_in_wordpress_connection_information.html
 |
 | [!] Title: WordPress 3.3-4.7.4 - Large File Upload Error XSS
 | Fixed in: 4.3.11
 | References:
 | - https://wpvulndb.com/vulnerabilities/8819
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9061
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
 | - https://hackerone.com/reports/203515
 | - https://hackerone.com/reports/203515
 |
 | [!] Title: WordPress 3.4.0-4.7.4 - Customizer XSS & CSRF
 | Fixed in: 4.3.11
 | References:
 | - https://wpvulndb.com/vulnerabilities/8820
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9063
 | - https://wordpress.org/news/2017/05/wordpress-4-7-5/
 | - https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
 |
 | [!] Title: WordPress 2.3.0-4.8.1 - $wpdb->prepare() potential SQL Injection
 | Fixed in: 4.3.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/8905
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14723
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 | - https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
 |
 | [!] Title: WordPress 2.3.0-4.7.4 - Authenticated SQL injection
 | Fixed in: 4.7.5
 | References:
 | - https://wpvulndb.com/vulnerabilities/8906
 | - https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
 | - https://wpvulndb.com/vulnerabilities/8905
 |
 | [!] Title: WordPress 2.9.2-4.8.1 - Open Redirect
 | Fixed in: 4.3.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/8910
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14725
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41398
 |
 | [!] Title: WordPress 3.0-4.8.1 - Path Traversal in Unzipping
 | Fixed in: 4.3.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/8911
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14719
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41457
 |
 | [!] Title: WordPress 4.2.3-4.8.1 - Authenticated Cross-Site Scripting (XSS) in Visual Editor
 | Fixed in: 4.3.12
 | References:
 | - https://wpvulndb.com/vulnerabilities/8914
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14726
 | - https://wordpress.org/news/2017/09/wordpress-4-8-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/changeset/41395
 | - https://blog.sucuri.net/2017/09/stored-cross-site-scripting-vulnerability-in-wordpress-4-8-1.html
 |
 | [!] Title: WordPress <= 4.8.2 - $wpdb->prepare() Weakness
 | Fixed in: 4.3.13
 | References:
 | - https://wpvulndb.com/vulnerabilities/8941
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16510
 | - https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
 | - https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
 | - https://twitter.com/ircmaxell/status/923662170092638208
 | - https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
 |
 | [!] Title: WordPress 2.8.6-4.9 - Authenticated JavaScript File Upload
 | Fixed in: 4.3.14
 | References:
 | - https://wpvulndb.com/vulnerabilities/8966
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17092
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
 |
 | [!] Title: WordPress 1.5.0-4.9 - RSS and Atom Feed Escaping
 | Fixed in: 4.3.14
 | References:
 | - https://wpvulndb.com/vulnerabilities/8967
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17094
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
 |
 | [!] Title: WordPress 4.3.0-4.9 - HTML Language Attribute Escaping
 | Fixed in: 4.3.14
 | References:
 | - https://wpvulndb.com/vulnerabilities/8968
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17093
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
 |
 | [!] Title: WordPress 3.7-4.9 - 'newbloguser' Key Weak Hashing
 | Fixed in: 4.3.14
 | References:
 | - https://wpvulndb.com/vulnerabilities/8969
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17091
 | - https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
 |
 | [!] Title: WordPress 3.7-4.9.1 - MediaElement Cross-Site Scripting (XSS)
 | Fixed in: 4.3.15
 | References:
 | - https://wpvulndb.com/vulnerabilities/9006
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5776
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9263
 | - https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
 | - https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
 | - https://core.trac.wordpress.org/ticket/42720
 |
 | [!] Title: WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched)
 | References:
 | - https://wpvulndb.com/vulnerabilities/9021
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6389
 | - https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
 | - https://github.com/quitten/doser.py
 | - https://thehackernews.com/2018/02/wordpress-dos-exploit.html
 |
 | [!] Title: WordPress 3.7-4.9.4 - Remove localhost Default
 | Fixed in: 4.3.16
 | References:
 | - https://wpvulndb.com/vulnerabilities/9053
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10101
 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
 |
 | [!] Title: WordPress 3.7-4.9.4 - Use Safe Redirect for Login
 | Fixed in: 4.3.16
 | References:
 | - https://wpvulndb.com/vulnerabilities/9054
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10100
 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
 |
 | [!] Title: WordPress 3.7-4.9.4 - Escape Version in Generator Tag
 | Fixed in: 4.3.16
 | References:
 | - https://wpvulndb.com/vulnerabilities/9055
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10102
 | - https://wordpress.org/news/2018/04/wordpress-4-9-5-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
 |
 | [!] Title: WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion
 | Fixed in: 4.3.17
 | References:
 | - https://wpvulndb.com/vulnerabilities/9100
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12895
 | - https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
 | - http://blog.vulnspy.com/2018/06/27/Wordpress-4-9-6-Arbitrary-File-Delection-Vulnerbility-Exploit/
 | - https://github.com/WordPress/WordPress/commit/c9dce0606b0d7e6f494d4abe7b193ac046a322cd
 | - https://wordpress.org/news/2018/07/wordpress-4-9-7-security-and-maintenance-release/
 | - https://www.wordfence.com/blog/2018/07/details-of-an-additional-file-deletion-vulnerability-patched-in-wordpress-4-9-7/
 |
 | [!] Title: WordPress <= 5.0 - Authenticated File Delete
 | Fixed in: 4.3.18
 | References:
 | - https://wpvulndb.com/vulnerabilities/9169
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20147
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - Authenticated Post Type Bypass
 | Fixed in: 4.3.18
 | References:
 | - https://wpvulndb.com/vulnerabilities/9170
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20152
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 | - https://blog.ripstech.com/2018/wordpress-post-type-privilege-escalation/
 |
 | [!] Title: WordPress <= 5.0 - PHP Object Injection via Meta Data
 | Fixed in: 4.3.18
 | References:
 | - https://wpvulndb.com/vulnerabilities/9171
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20148
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS)
 | Fixed in: 4.3.18
 | References:
 | - https://wpvulndb.com/vulnerabilities/9172
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20153
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins
 | Fixed in: 4.3.18
 | References:
 | - https://wpvulndb.com/vulnerabilities/9173
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20150
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 | - https://github.com/WordPress/WordPress/commit/fb3c6ea0618fcb9a51d4f2c1940e9efcd4a2d460
 |
 | [!] Title: WordPress <= 5.0 - User Activation Screen Search Engine Indexing
 | Fixed in: 4.3.18
 | References:
 | - https://wpvulndb.com/vulnerabilities/9174
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20151
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 |
 | [!] Title: WordPress <= 5.0 - File Upload to XSS on Apache Web Servers
 | Fixed in: 4.3.18
 | References:
 | - https://wpvulndb.com/vulnerabilities/9175
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20149
 | - https://wordpress.org/news/2018/12/wordpress-5-0-1-security-release/
 | - https://github.com/WordPress/WordPress/commit/246a70bdbfac3bd45ff71c7941deef1bb206b19a
 |
 | [!] Title: WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution
 | Fixed in: 5.0.1
 | References:
 | - https://wpvulndb.com/vulnerabilities/9222
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8942
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-8943
 | - https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
 | - https://www.rapid7.com/db/modules/exploit/multi/http/wp_crop_rce
 |
 | [!] Title: WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS)
 | Fixed in: 4.3.19
 | References:
 | - https://wpvulndb.com/vulnerabilities/9230
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9787
 | - https://github.com/WordPress/WordPress/commit/0292de60ec78c5a44956765189403654fe4d080b
 | - https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
 | - https://blog.ripstech.com/2019/wordpress-csrf-to-rce/
 |
 | [!] Title: WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation
 | Fixed in: 4.3.20
 | References:
 | - https://wpvulndb.com/vulnerabilities/9867
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16222
 | - https://wordpress.org/news/2019/09/wordpress-5-2-3-security-and-maintenance-release/
 | - https://github.com/WordPress/WordPress/commit/30ac67579559fe42251b5a9f887211bf61a8ed68
 | - https://hackerone.com/reports/339483
 |
 | [!] Title: WordPress <= 5.2.3 - Stored XSS in Customizer
 | Fixed in: 4.3.21
 | References:
 | - https://wpvulndb.com/vulnerabilities/9908
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17674
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts
 | Fixed in: 4.3.21
 | References:
 | - https://wpvulndb.com/vulnerabilities/9909
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17671
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 | - https://github.com/WordPress/WordPress/commit/f82ed753cf00329a5e41f2cb6dc521085136f308
 | - https://0day.work/proof-of-concept-for-wordpress-5-2-3-viewing-unauthenticated-posts/
 |
 | [!] Title: WordPress <= 5.2.3 - Stored XSS in Style Tags
 | Fixed in: 4.3.21
 | References:
 | - https://wpvulndb.com/vulnerabilities/9910
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17672
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - JSON Request Cache Poisoning
 | Fixed in: 4.3.21
 | References:
 | - https://wpvulndb.com/vulnerabilities/9911
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17673
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://github.com/WordPress/WordPress/commit/b224c251adfa16a5f84074a3c0886270c9df38de
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation
 | Fixed in: 4.3.21
 | References:
 | - https://wpvulndb.com/vulnerabilities/9912
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17669
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17670
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://github.com/WordPress/WordPress/commit/9db44754b9e4044690a6c32fd74b9d5fe26b07b2
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html
 |
 | [!] Title: WordPress <= 5.2.3 - Admin Referrer Validation
 | Fixed in: 4.3.21
 | References:
 | - https://wpvulndb.com/vulnerabilities/9913
 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17675
 | - https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
 | - https://github.com/WordPress/WordPress/commit/b183fd1cca0b44a92f0264823dd9f22d2fd8b8d0
 | - https://blog.wpscan.org/wordpress/security/release/2019/10/15/wordpress-524-security-release-breakdown.html

[+] WordPress theme in use: wpserved
 | Location: http://www.tatianahajduk.com/wp-content/themes/wpserved/
 | Readme: http://www.tatianahajduk.com/wp-content/themes/wpserved/readme.md
 | Style URL: http://www.tatianahajduk.com/wp-content/themes/wpserved/style.css?ver=4.3
 | Style Name: WPServed
 | Description: Underscores based theme...
 | Author: WPServed
 | Author URI: http://wpserved.com/
 |
 | Found By: Css Style In Homepage (Passive Detection)
 | Confirmed By: Css Style In 404 Page (Passive Detection)
 |
 | Version: 1.0.0 (80% confidence)
 | Found By: Style (Passive Detection)
 | - http://www.tatianahajduk.com/wp-content/themes/wpserved/style.css?ver=4.3, Match: 'Version: 1.0.0'


[i] User(s) Identified:

[+] web-master
 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] admin
 | Found By: Author Id Brute Forcing - Author Pattern (Aggressive Detection)

[+] WPVulnDB API OK
 | Plan: free
 | Requests Done (during the scan): 2
 | Requests Remaining: 46

[+] Finished: Thu Dec 12 20:54:40 2019
[+] Requests Done: 56
[+] Cached Requests: 9
[+] Data Sent: 14.924 KB
[+] Data Received: 273.047 KB
[+] Memory used: 132.09 MB
[+] Elapsed time: 00:00:18