_______________________________________________________________
__ _______ _____
\ \ / / __ \ / ____|
\ \ /\ / /| |__) | (___ ___ __ _ _ __ ®
\ \/ \/ / | ___/ \___ \ / __|/ _` | '_ \
\ /\ / | | ____) | (__| (_| | | | |
\/ \/ |_| |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.22
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: https://www.wikimedia.it/ [51.75.90.142]
[+] Started: Mon Sep 19 16:13:49 2022
Interesting Finding(s):
[+] Headers
| Interesting Entry: Server: Apache/2.4.38 (Debian)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] robots.txt found: https://www.wikimedia.it/robots.txt
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: https://www.wikimedia.it/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] WordPress readme found: https://www.wikimedia.it/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] This site has 'Must Use Plugins': https://www.wikimedia.it/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins
[+] The external WP-Cron seems to be enabled: https://www.wikimedia.it/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 6.0.2 identified (Latest, released on 2022-08-30).
| Found By: Rss Generator (Passive Detection)
| - https://www.wikimedia.it/feed/, https://wordpress.org/?v=6.0.2
| - https://www.wikimedia.it/comments/feed/, https://wordpress.org/?v=6.0.2
| - https://www.wikimedia.it/home-page/feed/, https://wordpress.org/?v=6.0.2
[+] WordPress theme in use: wmi
| Location: https://www.wikimedia.it/wp-content/themes/wmi/
| Style URL: https://www.wikimedia.it/wp-content/themes/wmi/style.css?ver=6.0.2
| Style Name: Wikimedia.it
| Style URI: https://emeraldcommunication.com
| Description: Wikimedia theme based on "betheme theme"...
| Author: Emerald Communnication
| Author URI: https://emeraldcommunication.com
|
| Found By: Css Style In Homepage (Passive Detection)
| Confirmed By: Css Style In 404 Page (Passive Detection)
|
| Version: 1.0.1 (80% confidence)
| Found By: Style (Passive Detection)
| - https://www.wikimedia.it/wp-content/themes/wmi/style.css?ver=6.0.2, Match: 'Version: 1.0.1'
[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)
[i] Plugin(s) Identified:
[+] addon-elements-for-elementor-page-builder
| Location: https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/
| Last Updated: 2022-08-19T10:52:00.000Z
| [!] The version is out of date, the latest version is 1.11.15
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| [!] 1 vulnerability identified:
|
| [!] Title: Unauthorised AJAX Calls via Freemius
| Fixed in: 1.11.14
| Reference: https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a
|
| Version: 1.11.11 (50% confidence)
| Found By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/addon-elements-for-elementor-page-builder/readme.txt
[+] elementor
| Location: https://www.wikimedia.it/wp-content/plugins/elementor/
| Latest Version: 3.7.6 (up to date)
| Last Updated: 2022-09-15T14:00:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 3.7.6 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.wikimedia.it/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.7.6
| - https://www.wikimedia.it/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.7.6
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/elementor/readme.txt
[+] gdpr-cookie-compliance
| Location: https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/
| Latest Version: 4.8.12 (up to date)
| Last Updated: 2022-08-17T07:01:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 4.8.12 (100% confidence)
| Found By: Query Parameter (Passive Detection)
| - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/dist/styles/gdpr-main.css?ver=4.8.12
| - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/dist/scripts/main.js?ver=4.8.12
| Confirmed By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/gdpr-cookie-compliance/readme.txt
[+] smart-slider-3
| Location: https://www.wikimedia.it/wp-content/plugins/smart-slider-3/
| Latest Version: 3.5.1.9 (up to date)
| Last Updated: 2022-08-18T06:04:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
|
| Version: 3.5.1.9 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/smart-slider-3/readme.txt
[+] w3-total-cache
| Location: https://www.wikimedia.it/wp-content/plugins/w3-total-cache/
| Latest Version: 2.2.4 (up to date)
| Last Updated: 2022-08-09T14:45:00.000Z
|
| Found By: Comment Debug Info (Passive Detection)
|
| Version: 2.2.4 (100% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt
| Confirmed By: Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/w3-total-cache/readme.txt
[+] wiki-embed
| Location: https://www.wikimedia.it/wp-content/plugins/wiki-embed/
| Latest Version: 1.4.6 (up to date)
| Last Updated: 2013-08-13T23:08:00.000Z
|
| Found By: Urls In Homepage (Passive Detection)
| Confirmed By: Urls In 404 Page (Passive Detection)
|
| Version: 1.4.6 (80% confidence)
| Found By: Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/wiki-embed/readme.txt
[+] wordpress-seo
| Location: https://www.wikimedia.it/wp-content/plugins/wordpress-seo/
| Latest Version: 19.6.1 (up to date)
| Last Updated: 2022-08-31T17:53:00.000Z
|
| Found By: Comment (Passive Detection)
|
| Version: 19.6.1 (100% confidence)
| Found By: Comment (Passive Detection)
| - https://www.wikimedia.it/, Match: 'optimized with the Yoast SEO plugin v19.6.1 -'
| Confirmed By:
| Readme - Stable Tag (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt
| Readme - ChangeLog Section (Aggressive Detection)
| - https://www.wikimedia.it/wp-content/plugins/wordpress-seo/readme.txt
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:16 <==============================================================================================================================================================> (137 / 137) 100.00% Time: 00:00:16
[i] No Config Backups Found.
[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 9
| Requests Remaining: 57
[+] Finished: Mon Sep 19 16:14:15 2022
[+] Requests Done: 200
[+] Cached Requests: 7
[+] Data Sent: 51.953 KB
[+] Data Received: 1.295 MB
[+] Memory used: 259.961 MB
[+] Elapsed time: 00:00:25