_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|
        WordPress Security Scanner by the WPScan Team
                       Version 2.7
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[+] URL: http://keyworld.dk/
[+] Started: Sun May 17 22:21:19 2015
[!] The WordPress 'http://keyworld.dk/readme.html' file exists exposing a version number
[!] Full Path Disclosure (FPD) in: 'http://keyworld.dk/wp-includes/rss-functions.php'
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: X-POWERED-BY: PHP/5.4.39-0+deb7u2
[+] XML-RPC Interface available under: http://keyworld.dk/xmlrpc.php
[+] WordPress version 3.9.2 identified from rss generator
[!] 7 vulnerabilities identified from the version number
[!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
Reference: https://wpvulndb.com/vulnerabilities/7531
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5868
[i] Fixed in: 4.0
[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9031
[i] Fixed in: 4.0
[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.0 - CSRF in wp-login.php Password Reset
Reference: https://wpvulndb.com/vulnerabilities/7691
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9033
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9038
[i] Fixed in: 4.0.1
[!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
Reference: https://wpvulndb.com/vulnerabilities/7697
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9032
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7929
Reference: https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
[i] Fixed in: 4.1.2
[+] Enumerating plugins from passive detection ...
| 1 plugin found:
[+] Name: woodojo-downloads
| Location: http://keyworld.dk/wp-content/plugins/woodojo-downloads/
[+] Finished: Sun May 17 22:22:14 2015
[+] Requests Done: 106
[+] Memory used: 9.207 MB
[+] Elapsed time: 00:00:54