Untitled
unknown
plain_text
3 years ago
11 kB
21
Indexable
┌──(pero㉿linux)-[~]
└─$ wpscan --url https://www.efektimpex.eu/ --random-user-agent --api-token dOq0cT4DwsqsoZAroMMzgO185Cvuorat01DKlZQeQdI
_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.22
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[i] It seems like you have not updated the database for some time.
[?] Do you want to update now? [Y]es [N]o, default: [N]y
[i] Updating the Database ...
[i] Update completed.
[+] URL: https://www.efektimpex.eu/ [54.38.195.73]
[+] Started: Thu May 11 19:47:32 2023
Interesting Finding(s):
[+] Headers
| Interesting Entries:
| - x-powered-by: PHP/7.3.27
| - server: LiteSpeed
| - alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: https://www.efektimpex.eu/xmlrpc.php
| Found By: Link Tag (Passive Detection)
| Confidence: 100%
| Confirmed By: Direct Access (Aggressive Detection), 100% confidence
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] WordPress readme found: https://www.efektimpex.eu/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] The external WP-Cron seems to be enabled: https://www.efektimpex.eu/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 6.0.3 identified (Outdated, released on 2022-10-17).
| Found By: Rss Generator (Passive Detection)
| - https://www.efektimpex.eu/feed/, <generator>https://wordpress.org/?v=6.0.3</generator>
| Confirmed By: Meta Generator (Passive Detection)
| - https://www.efektimpex.eu/, Match: 'WordPress 6.0.3'
|
| [!] 1 vulnerability identified:
|
| [!] Title: WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding
| References:
| - https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3590
| - https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/
[+] WordPress theme in use: woodmart
| Location: https://www.efektimpex.eu/wp-content/themes/woodmart/
| Last Updated: 2023-05-09T13:38:34.000Z
| [!] The version is out of date, the latest version is 7.2.3
| Style URL: https://www.efektimpex.eu/wp-content/themes/woodmart/style.css
| Style Name: Woodmart
| Style URI: https://woodmart.xtemos.com/
| Description: ThemeForest Premium Theme...
| Author: XTemos
| Author URI: http://themeforest.net/user/xtemos
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 2 vulnerabilities identified:
|
| [!] Title: WoodMart < 7.1.2 - Unauthenticated Arbitrary Shortcode Injection
| Fixed in: 7.1.2
| References:
| - https://wpscan.com/vulnerability/d8d393dd-42f3-41c6-a68e-c400efaca4c8
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25790
| - https://packetstormsecurity.com/files/171154/
|
| [!] Title: WoodMart < 7.1.2 - License Update/Deactivation via CSRF
| Fixed in: 7.1.2
| References:
| - https://wpscan.com/vulnerability/9ea05381-f059-466f-a194-2b93f679e467
| - https://packetstormsecurity.com/files/171189/
|
| Version: 5.0.3 (80% confidence)
| Found By: Style (Passive Detection)
| - https://www.efektimpex.eu/wp-content/themes/woodmart/style.css, Match: 'Version: 5.0.3'
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
[i] Plugin(s) Identified:
[+] advanced-google-recaptcha
| Location: https://www.efektimpex.eu/wp-content/plugins/advanced-google-recaptcha/
| Last Updated: 2023-02-20T06:05:00.000Z
| [!] The version is out of date, the latest version is 1.0.14
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.0.9 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/advanced-google-recaptcha/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/advanced-google-recaptcha/readme.txt
[+] contact-form-7
| Location: https://www.efektimpex.eu/wp-content/plugins/contact-form-7/
| Latest Version: 5.7.6 (up to date)
| Last Updated: 2023-04-23T08:44:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 5.7.6 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/contact-form-7/readme.txt
[+] contact-form-plugin
| Location: https://www.efektimpex.eu/wp-content/plugins/contact-form-plugin/
| Latest Version: 4.2.4 (up to date)
| Last Updated: 2023-04-12T13:01:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.2.4 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/contact-form-plugin/css/form_style.css?ver=4.2.4
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/contact-form-plugin/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/contact-form-plugin/readme.txt
[+] cookie-notice
| Location: https://www.efektimpex.eu/wp-content/plugins/cookie-notice/
| Latest Version: 2.4.8 (up to date)
| Last Updated: 2023-03-28T11:56:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 2.4.8 (90% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.8
| Confirmed By: Readme - Stable Tag (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/cookie-notice/readme.txt
[+] elementor
| Location: https://www.efektimpex.eu/wp-content/plugins/elementor/
| Latest Version: 3.13.1 (up to date)
| Last Updated: 2023-05-09T13:01:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.13.1 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.13.1
| - https://www.efektimpex.eu/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.13.1
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/elementor/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/elementor/readme.txt
[+] revslider
| Location: https://www.efektimpex.eu/wp-content/plugins/revslider/
| Last Updated: 2023-05-08T06:54:34.000Z
| [!] The version is out of date, the latest version is 6.6.13
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By:
| Urls In 404 Page (Passive Detection)
| Meta Generator (Passive Detection)
|
| Version: 6.2.17 (100% confidence)
| Found By: Meta Generator (Passive Detection)
| - https://www.efektimpex.eu/, Match: 'Powered by Slider Revolution 6.2.17'
| Confirmed By: Release Log (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/revslider/release_log.html, Match: 'Version 6.2.17 (17th July 2020)'
[+] woocommerce
| Location: https://www.efektimpex.eu/wp-content/plugins/woocommerce/
| Latest Version: 7.7.0 (up to date)
| Last Updated: 2023-05-09T22:46:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 7.7.0 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.7.0
| - https://www.efektimpex.eu/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.7.0
| - https://www.efektimpex.eu/wp-content/plugins/woocommerce/assets/js/frontend/cart-fragments.min.js?ver=7.7.0
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/woocommerce/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/woocommerce/readme.txt
[+] wp-analytify
| Location: https://www.efektimpex.eu/wp-content/plugins/wp-analytify/
| Latest Version: 5.0.3 (up to date)
| Last Updated: 2023-05-10T10:27:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 5.0.3 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/wp-analytify/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.efektimpex.eu/wp-content/plugins/wp-analytify/readme.txt
[+] wp-smush-pro
| Location: https://www.efektimpex.eu/wp-content/plugins/wp-smush-pro/
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| The version could not be determined.
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:05:04 <=======================================================================================> (137 / 137) 100.00% Time: 00:05:04
[i] No Config Backups Found.
[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 11
| Requests Remaining: 64
[+] Finished: Thu May 11 19:53:37 2023
[+] Requests Done: 220
[+] Cached Requests: 6
[+] Data Sent: 56.642 KB
[+] Data Received: 14.497 MB
[+] Memory used: 270.48 MB
[+] Elapsed time: 00:06:05
┌──(pero㉿linux)-[~]
└─$
Editor is loading...