_______________________________________________________________ __ _______ _____ \ \ / / __ \ / ____| \ \ /\ / /| |__) | (___ ___ __ _ _ __ ® \ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \ \ /\ / | | ____) | (__| (_| | | | | \/ \/ |_| |_____/ \___|\__,_|_| |_| WordPress Security Scanner by the WPScan Team Version 3.8.22 Sponsored by Automattic - https://automattic.com/ @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart _______________________________________________________________ [+] URL: https://www.wikimedia.it/ [51.75.90.142] [+] Started: Tue Aug 20 17:41:07 2024 Interesting Finding(s): [+] Headers | Interesting Entry: Server: Apache/2.4.38 (Debian) | Found By: Headers (Passive Detection) | Confidence: 100% [+] robots.txt found: https://www.wikimedia.it/robots.txt | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% [+] This site has 'Must Use Plugins': https://www.wikimedia.it/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins [+] The external WP-Cron seems to be enabled: https://www.wikimedia.it/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 Fingerprinting the version - Time: 00:00:20 <================================================================================================================================> (702 / 702) 100.00% Time: 00:00:20 [i] The WordPress version could not be detected. [+] WordPress theme in use: betheme | Location: https://www.wikimedia.it/wp-content/themes/betheme/ | Last Updated: 2024-07-31T19:24:02.000Z | Readme: https://www.wikimedia.it/wp-content/themes/betheme/readme.txt | [!] The version is out of date, the latest version is 27.5.3 | Style URL: https://www.wikimedia.it/wp-content/themes/betheme/style.css | Style Name: Betheme | Style URI: https://themes.muffingroup.com/betheme/ | Description: The biggest WordPress Theme ever... | Author: Muffin group | Author URI: https://muffingroup.com/ | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | Version: 27.4.3 (80% confidence) | Found By: Style (Passive Detection) | - https://www.wikimedia.it/wp-content/themes/betheme/style.css, Match: 'Version: 27.4.3' [+] Enumerating All Plugins (via Passive Methods) [+] Checking Plugin Versions (via Passive and Aggressive Methods) [i] Plugin(s) Identified: [+] addon-elements-for-elementor-page-builder | Location: https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/ | Latest Version: 1.13.6 (up to date) | Last Updated: 2024-06-25T05:42:00.000Z | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | Version: 1.13.6 (50% confidence) | Found By: Readme - ChangeLog Section (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt [+] elementor | Location: https://www.wikimedia.it/wp-content/plugins/elementor/ | Latest Version: 3.23.4 (up to date) | Last Updated: 2024-08-05T10:50:00.000Z | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | Version: 3.23.4 (100% confidence) | Found By: Query Parameter (Passive Detection) | - https://www.wikimedia.it/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.23.4 | Confirmed By: | Readme - Stable Tag (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/elementor/readme.txt | Readme - ChangeLog Section (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/elementor/readme.txt [+] essential-addons-for-elementor-lite | Location: https://www.wikimedia.it/wp-content/plugins/essential-addons-for-elementor-lite/ | Latest Version: 6.0.1 (up to date) | Last Updated: 2024-08-19T10:56:00.000Z | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | Version: 6.0.1 (100% confidence) | Found By: Readme - Stable Tag (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt | Confirmed By: Readme - ChangeLog Section (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/essential-addons-for-elementor-lite/readme.txt [+] gdpr-cookie-compliance | Location: https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/ | Latest Version: 4.15.2 (up to date) | Last Updated: 2024-07-08T10:22:00.000Z | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | Version: 4.15.2 (90% confidence) | Found By: Query Parameter (Passive Detection) | - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.15.2 | Confirmed By: Readme - Stable Tag (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/readme.txt [+] gravityforms | Location: https://www.wikimedia.it/wp-content/plugins/gravityforms/ | Last Updated: 2024-08-13T00:00:00.000Z | [!] The version is out of date, the latest version is 2.8.16 | | Found By: Urls In 404 Page (Passive Detection) | | Version: 2.7.12 (90% confidence) | Found By: Query Parameter (Passive Detection) | - https://www.wikimedia.it/wp-content/plugins/gravityforms/js/jquery.json.min.js?ver=2.7.12 | - https://www.wikimedia.it/wp-content/plugins/gravityforms/js/gravityforms.min.js?ver=2.7.12 | - https://www.wikimedia.it/wp-content/plugins/gravityforms/js/placeholders.jquery.min.js?ver=2.7.12 | Confirmed By: Change Log (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/gravityforms/change_log.txt, Match: '### 2.7.12' [+] js_composer | Location: https://www.wikimedia.it/wp-content/plugins/js_composer/ | Last Updated: 2024-07-24T02:32:11.000Z | [!] The version is out of date, the latest version is 7.8 | | Found By: Body Tag (Passive Detection) | | [!] 3 vulnerabilities identified: | | [!] Title: WPBakery Page Builder < 7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via VC Single Image link attribute | Fixed in: 7.7 | References: | - https://wpscan.com/vulnerability/3b067a13-ee58-44c9-80af-ae04af6256c8 | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5265 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/35a5114e-5c5f-4003-8bb3-77243ffbac1a | | [!] Title: WPBakery < 7.8 - Authenticated (Author+) Stored Cross-Site Scripting | Fixed in: 7.8 | References: | - https://wpscan.com/vulnerability/992e5d47-e290-420a-adf8-f552a929e51d | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5708 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/23ff12f0-eb9d-4bb3-8db0-0e794c0f0594 | | [!] Title: WPBakery < 7.8 - Authenticated (Author+) Local File Inclusion | Fixed in: 7.8 | References: | - https://wpscan.com/vulnerability/6e3e1944-67f7-405e-ae4f-f0ab8c6c9acd | - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-5709 | - https://www.wordfence.com/threat-intel/vulnerabilities/id/7fad30c8-fd8a-4cf2-a3aa-16a374231b87 | | Version: 7.6 (60% confidence) | Found By: Body Tag (Passive Detection) | - https://www.wikimedia.it/, Match: 'js-comp-ver-7.6' [+] smart-slider-3 | Location: https://www.wikimedia.it/wp-content/plugins/smart-slider-3/ | Latest Version: 3.5.1.23 (up to date) | Last Updated: 2024-04-11T14:11:00.000Z | | Found By: Urls In Homepage (Passive Detection) | | Version: 3.5.1.23 (100% confidence) | Found By: Readme - Stable Tag (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt | Confirmed By: Readme - ChangeLog Section (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt [+] w3-total-cache | Location: https://www.wikimedia.it/wp-content/plugins/w3-total-cache/ | Latest Version: 2.7.5 (up to date) | Last Updated: 2024-08-07T17:08:00.000Z | | Found By: Comment Debug Info (Passive Detection) | | Version: 2.7.5 (100% confidence) | Found By: Readme - Stable Tag (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt | Confirmed By: Readme - ChangeLog Section (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt [+] wordpress-seo | Location: https://www.wikimedia.it/wp-content/plugins/wordpress-seo/ | Latest Version: 23.3 (up to date) | Last Updated: 2024-08-20T07:39:00.000Z | | Found By: Comment (Passive Detection) | | Version: 23.3 (100% confidence) | Found By: Comment (Passive Detection) | - https://www.wikimedia.it/, Match: 'optimized with the Yoast SEO plugin v23.3 -' | Confirmed By: | Readme - Stable Tag (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt | Readme - ChangeLog Section (Aggressive Detection) | - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt [+] Enumerating Config Backups (via Passive and Aggressive Methods) Checking Config Backups - Time: 00:00:09 <==================================================================================================================================> (137 / 137) 100.00% Time: 00:00:09 [i] No Config Backups Found. [+] WPScan DB API OK | Plan: free | Requests Done (during the scan): 10 | Requests Remaining: 4 [+] Finished: Tue Aug 20 17:41:53 2024 [+] Requests Done: 1483 [+] Cached Requests: 8 [+] Data Sent: 473.021 KB [+] Data Received: 31.929 MB [+] Memory used: 275.719 MB [+] Elapsed time: 00:00:45