Skip to content

Instantly share code, notes, and snippets.

@emilstahl
Created May 17, 2015
Embed
What would you like to do?
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.7
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[+] URL: http://keyworld.dk/
[+] Started: Sun May 17 22:21:19 2015
[!] The WordPress 'http://keyworld.dk/readme.html' file exists exposing a version number
[!] Full Path Disclosure (FPD) in: 'http://keyworld.dk/wp-includes/rss-functions.php'
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: X-POWERED-BY: PHP/5.4.39-0+deb7u2
[+] XML-RPC Interface available under: http://keyworld.dk/xmlrpc.php
[+] WordPress version 3.9.2 identified from rss generator
[!] 7 vulnerabilities identified from the version number
[!] Title: WordPress 3.4.2 - 3.9.2 Does Not Invalidate Sessions Upon Logout
Reference: https://wpvulndb.com/vulnerabilities/7531
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5868
[i] Fixed in: 4.0
[!] Title: WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7680
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9031
[i] Fixed in: 4.0
[!] Title: WordPress <= 4.0 - Long Password Denial of Service (DoS)
Reference: https://wpvulndb.com/vulnerabilities/7681
Reference: http://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_long_password_dos
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.0 - CSRF in wp-login.php Password Reset
Reference: https://wpvulndb.com/vulnerabilities/7691
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9033
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.0 - Server Side Request Forgery (SSRF)
Reference: https://wpvulndb.com/vulnerabilities/7696
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9038
[i] Fixed in: 4.0.1
[!] Title: WordPress 3.9, 3.9.1, 3.9.2, 4.0 - XSS in Media Playlists
Reference: https://wpvulndb.com/vulnerabilities/7697
Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-9032
[i] Fixed in: 4.0.1
[!] Title: WordPress <= 4.1.1 - Unauthenticated Stored Cross-Site Scripting (XSS)
Reference: https://wpvulndb.com/vulnerabilities/7929
Reference: https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/
[i] Fixed in: 4.1.2
[+] Enumerating plugins from passive detection ...
| 1 plugin found:
[+] Name: woodojo-downloads
| Location: http://keyworld.dk/wp-content/plugins/woodojo-downloads/
[+] Finished: Sun May 17 22:22:14 2015
[+] Requests Done: 106
[+] Memory used: 9.207 MB
[+] Elapsed time: 00:00:54
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment