_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.22
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[i] Updating the Database ...
[i] Update completed.

[+] URL: https://www.wikimedia.it/ [51.75.90.142]
[+] Started: Mon Sep 19 10:32:48 2022

Interesting Finding(s):

[+] Headers
 | Interesting Entry: Server: Apache/2.4.38 (Debian)
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://www.wikimedia.it/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://www.wikimedia.it/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/

[+] WordPress readme found: https://www.wikimedia.it/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] This site has 'Must Use Plugins': https://www.wikimedia.it/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
 | Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://www.wikimedia.it/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 6.0 identified (Insecure, released on 2022-05-24).
 | Found By: Rss Generator (Passive Detection)
 |  - https://www.wikimedia.it/feed/, https://wordpress.org/?v=6.0
 |  - https://www.wikimedia.it/comments/feed/, https://wordpress.org/?v=6.0
 |  - https://www.wikimedia.it/home-page/feed/, https://wordpress.org/?v=6.0
 |
 | [!] 3 vulnerabilities identified:
 |
 | [!] Title: WP < 6.0.2 - Reflected Cross-Site Scripting
 |     Fixed in: 6.0.2
 |     References:
 |      - https://wpscan.com/vulnerability/622893b0-c2c4-4ee7-9fa1-4cecef6e36be
 |      - https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
 |
 | [!] Title: WP < 6.0.2 - Authenticated Stored Cross-Site Scripting
 |     Fixed in: 6.0.2
 |     References:
 |      - https://wpscan.com/vulnerability/3b1573d4-06b4-442b-bad5-872753118ee0
 |      - https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
 |
 | [!] Title: WP < 6.0.2 - SQLi via Link API
 |     Fixed in: 6.0.2
 |     References:
 |      - https://wpscan.com/vulnerability/601b0bf9-fed2-4675-aec7-fed3156a022f
 |      - https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/

[+] WordPress theme in use: wmi
 | Location: https://www.wikimedia.it/wp-content/themes/wmi/
 | Style URL: https://www.wikimedia.it/wp-content/themes/wmi/style.css?ver=6.0
 | Style Name: Wikimedia.it
 | Style URI: https://emeraldcommunication.com
 | Description: Wikimedia theme based on "betheme theme"...
 | Author: Emerald Communnication
 | Author URI: https://emeraldcommunication.com
 |
 | Found By: Css Style In Homepage (Passive Detection)
 | Confirmed By: Css Style In 404 Page (Passive Detection)
 |
 | Version: 1.0.1 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://www.wikimedia.it/wp-content/themes/wmi/style.css?ver=6.0, Match: 'Version: 1.0.1'

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] addon-elements-for-elementor-page-builder
 | Location: https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/
 | Last Updated: 2022-08-19T10:52:00.000Z
 | [!] The version is out of date, the latest version is 1.11.15
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | [!] 1 vulnerability identified:
 |
 | [!] Title: Unauthorised AJAX Calls via Freemius
 |     Fixed in: 1.11.14
 |     Reference: https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a
 |
 | Version: 1.11.11 (50% confidence)
 | Found By: Readme - ChangeLog Section (Aggressive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt

[+] elementor
 | Location: https://www.wikimedia.it/wp-content/plugins/elementor/
 | Last Updated: 2022-09-15T14:00:00.000Z
 | [!] The version is out of date, the latest version is 3.7.6
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 3.6.6 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.6.6
 |  - https://www.wikimedia.it/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.6.6
 | Confirmed By:
 |  Readme - Stable Tag (Aggressive Detection)
 |   - https://www.wikimedia.it/wp-content/plugins/elementor/readme.txt
 |  Readme - ChangeLog Section (Aggressive Detection)
 |   - https://www.wikimedia.it/wp-content/plugins/elementor/readme.txt

[+] gdpr-cookie-compliance
 | Location: https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/
 | Last Updated: 2022-08-17T07:01:00.000Z
 | [!] The version is out of date, the latest version is 4.8.12
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 4.8.7 (100% confidence)
 | Found By: Query Parameter (Passive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main.css?ver=4.8.7
 |  - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.8.7
 | Confirmed By: Readme - Stable Tag (Aggressive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/readme.txt

[+] smart-slider-3
 | Location: https://www.wikimedia.it/wp-content/plugins/smart-slider-3/
 | Last Updated: 2022-08-18T06:04:00.000Z
 | [!] The version is out of date, the latest version is 3.5.1.9
 |
 | Found By: Urls In Homepage (Passive Detection)
 |
 | Version: 3.5.1.7 (100% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt
 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt

[+] w3-total-cache
 | Location: https://www.wikimedia.it/wp-content/plugins/w3-total-cache/
 | Last Updated: 2022-08-09T14:45:00.000Z
 | [!] The version is out of date, the latest version is 2.2.4
 |
 | Found By: Comment Debug Info (Passive Detection)
 |
 | Version: 2.2.1 (100% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt
 | Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt

[+] wiki-embed
 | Location: https://www.wikimedia.it/wp-content/plugins/wiki-embed/
 | Latest Version: 1.4.6 (up to date)
 | Last Updated: 2013-08-13T23:08:00.000Z
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1.4.6 (80% confidence)
 | Found By: Readme - Stable Tag (Aggressive Detection)
 |  - https://www.wikimedia.it/wp-content/plugins/wiki-embed/readme.txt

[+] wordpress-seo
 | Location: https://www.wikimedia.it/wp-content/plugins/wordpress-seo/
 | Last Updated: 2022-08-31T17:53:00.000Z
 | [!] The version is out of date, the latest version is 19.6.1
 |
 | Found By: Comment (Passive Detection)
 |
 | Version: 19.1 (100% confidence)
 | Found By: Comment (Passive Detection)
 |  - https://www.wikimedia.it/, Match: 'optimized with the Yoast SEO plugin v19.1 -'
 | Confirmed By:
 |  Readme - Stable Tag (Aggressive Detection)
 |   - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt
 |  Readme - ChangeLog Section (Aggressive Detection)
 |   - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups - Time: 00:00:09 <==============================================================================================================================================================> (137 / 137) 100.00% Time: 00:00:09

[i] No Config Backups Found.

[+] WPScan DB API OK
 | Plan: free
 | Requests Done (during the scan): 9
 | Requests Remaining: 66

[+] Finished: Mon Sep 19 10:33:06 2022
[+] Requests Done: 214
[+] Cached Requests: 7
[+] Data Sent: 53.519 KB
[+] Data Received: 4.256 MB
[+] Memory used: 261.156 MB
[+] Elapsed time: 00:00:17