_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.20
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[32m[+][0m URL: http://10.96.60.8/home/ [10.96.60.8]
[32m[+][0m Started: Tue Feb 15 15:10:43 2022
Interesting Finding(s):
[32m[+][0m XML-RPC seems to be enabled: http://10.96.60.8/home/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[32m[+][0m WordPress readme found: http://10.96.60.8/home/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[32m[+][0m Upload directory has listing enabled: http://10.96.60.8/home/wp-content/uploads/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[32m[+][0m The external WP-Cron seems to be enabled: http://10.96.60.8/home/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[32m[+][0m WordPress version 5.8.1 identified (Insecure, released on 2021-09-09).
| Found By: Atom Generator (Aggressive Detection)
| - http://10.96.60.8/home/?feed=atom, <generator uri="https://wordpress.org/" version="5.8.1">WordPress</generator>
| Confirmed By: Style Etag (Aggressive Detection)
| - http://10.96.60.8/home/wp-admin/load-styles.php, Match: '5.8.1'
|
| [31m[!][0m 5 vulnerabilities identified:
|
| [31m[!][0m Title: WordPress < 5.8.2 - Expired DST Root CA X3 Certificate
| Fixed in: 5.8.2
| References:
| - https://wpscan.com/vulnerability/cc23344a-5c91-414a-91e3-c46db614da8d
| - https://wordpress.org/news/2021/11/wordpress-5-8-2-security-and-maintenance-release/
| - https://core.trac.wordpress.org/ticket/54207
|
| [31m[!][0m Title: WordPress < 5.8.3 - SQL Injection via WP_Query
| Fixed in: 5.8.3
| References:
| - https://wpscan.com/vulnerability/7f768bcf-ed33-4b22-b432-d1e7f95c1317
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21661
| - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-6676-cqfm-gw84
| - https://hackerone.com/reports/1378209
|
| [31m[!][0m Title: WordPress < 5.8.3 - Author+ Stored XSS via Post Slugs
| Fixed in: 5.8.3
| References:
| - https://wpscan.com/vulnerability/dc6f04c2-7bf2-4a07-92b5-dd197e4d94c8
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21662
| - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-699q-3hj9-889w
| - https://hackerone.com/reports/425342
| - https://blog.sonarsource.com/wordpress-stored-xss-vulnerability
|
| [31m[!][0m Title: WordPress 4.1-5.8.2 - SQL Injection via WP_Meta_Query
| Fixed in: 5.8.3
| References:
| - https://wpscan.com/vulnerability/24462ac4-7959-4575-97aa-a6dcceeae722
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21664
| - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jp3p-gw8h-6x86
|
| [31m[!][0m Title: WordPress < 5.8.3 - Super Admin Object Injection in Multisites
| Fixed in: 5.8.3
| References:
| - https://wpscan.com/vulnerability/008c21ab-3d7e-4d97-b6c3-db9d83f390a7
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21663
| - https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-jmmq-m8p8-332h
| - https://hackerone.com/reports/541469
[34m[i][0m The main theme could not be detected.
[34m[i][0m Plugin(s) Identified:
[32m[+][0m jetpack
| Location: http://10.96.60.8/home/wp-content/plugins/jetpack/
| Last Updated: 2022-02-01T11:31:00.000Z
| [33m[!][0m The version is out of date, the latest version is 10.6
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 10.1 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - http://10.96.60.8/home/wp-content/plugins/jetpack/readme.txt
[34m[i][0m No Config Backups Found.
[32m[+][0m WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 2
| Requests Remaining: 23
[32m[+][0m Finished: Tue Feb 15 15:10:47 2022
[32m[+][0m Requests Done: 177
[32m[+][0m Cached Requests: 2
[32m[+][0m Data Sent: 49.507 KB
[32m[+][0m Data Received: 121.335 KB
[32m[+][0m Memory used: 194.992 MB
[32m[+][0m Elapsed time: 00:00:04