{
"banner": {
"description": "WordPress Security Scanner by the WPScan Team",
"version": "3.4.3",
"authors": [
"@_WPScan_",
"@ethicalhack3r",
"@erwan_lr",
"@_FireFart_"
],
"sponsored_by": "Sucuri - https://sucuri.net"
},
"db_update_started": true,
"db_files_updated": [
],
"db_update_finished": true,
"start_time": 1558431927,
"start_memory": 121876480,
"target_url": "https://www.example.com/",
"effective_url": "https://www.example.com/",
"interesting_findings": [
{
"url": "https://www.example.com/",
"to_s": "https://www.example.com/",
"type": "headers",
"found_by": "Headers (Passive Detection)",
"confidence": 100,
"confirmed_by": {
},
"references": {
},
"interesting_entries": [
"Server: Apache"
]
},
{
"url": "https://www.example.com/robots.txt",
"to_s": "https://www.example.com/robots.txt",
"type": "robots_txt",
"found_by": "Robots Txt (Aggressive Detection)",
"confidence": 100,
"confirmed_by": {
},
"references": {
},
"interesting_entries": [
"/wp-admin/",
"/wp-admin/admin-ajax.php",
" "
]
},
{
"url": "https://www.example.com/xmlrpc.php",
"to_s": "https://www.example.com/xmlrpc.php",
"type": "xmlrpc",
"found_by": "Link Tag (Passive Detection)",
"confidence": 100,
"confirmed_by": {
"Direct Access (Aggressive Detection)": {
"confidence": 100
}
},
"references": {
"url": [
"http://codex.wordpress.org/XML-RPC_Pingback_API"
],
"metasploit": [
"auxiliary/scanner/http/wordpress_ghost_scanner",
"auxiliary/dos/http/wordpress_xmlrpc_dos",
"auxiliary/scanner/http/wordpress_xmlrpc_login",
"auxiliary/scanner/http/wordpress_pingback_access"
]
},
"interesting_entries": [
]
},
{
"url": "https://www.example.com/readme.html",
"to_s": "https://www.example.com/readme.html",
"type": "readme",
"found_by": "Direct Access (Aggressive Detection)",
"confidence": 100,
"confirmed_by": {
},
"references": {
},
"interesting_entries": [
]
}
],
"version": {
"number": "4.9.10",
"release_date": "2019-03-13",
"status": "latest",
"found_by": "Rss Generator (Passive Detection)",
"confidence": 100,
"interesting_entries": [
"https://www.example.com/feed/, https://wordpress.org/?v=4.9.10",
"https://www.example.com/comments/feed/, https://wordpress.org/?v=4.9.10"
],
"confirmed_by": {
},
"vulnerabilities": [
]
},
"main_theme": {
"slug": "x",
"location": "https://www.example.com/wp-content/themes/x/",
"latest_version": null,
"last_updated": null,
"outdated": false,
"readme_url": "https://www.example.com/wp-content/themes/x/readme.txt",
"changelog_url": null,
"directory_listing": false,
"error_log_url": null,
"style_url": "https://www.example.com/wp-content/themes/x/style.css",
"style_name": "X",
"style_uri": "http://theme.co/x/",
"description": "An immensely powerful and endlessly customizable WordPress theme.",
"author": "Themeco",
"author_uri": "http://theme.co/",
"template": null,
"license": "GNU General Public License v2.0",
"license_uri": "http://www.gnu.org/licenses/gpl-2.0.html",
"tags": null,
"text_domain": "__x__",
"found_by": "Urls In Homepage (Passive Detection)",
"confidence": 6,
"interesting_entries": [
],
"confirmed_by": {
},
"vulnerabilities": [
],
"version": {
"number": "3.2.1",
"confidence": 80,
"found_by": "Style (Passive Detection)",
"interesting_entries": [
"https://www.example.com/wp-content/themes/x/style.css, Match: 'Version: 3.2.1'"
],
"confirmed_by": {
},
"vulnerabilities": [
]
},
"parents": [
]
},
"plugins": {
"bwp-minify": {
"slug": "bwp-minify",
"location": "https://www.example.com/wp-content/plugins/bwp-minify/",
"latest_version": "1.3.3",
"last_updated": "2015-09-13T09:49:00.000Z",
"outdated": false,
"readme_url": null,
"changelog_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Urls In Homepage (Passive Detection)",
"confidence": 80,
"interesting_entries": [
],
"confirmed_by": {
},
"vulnerabilities": [
],
"version": {
"number": "1.3.3",
"confidence": 100,
"found_by": "Readme - Stable Tag (Aggressive Detection)",
"interesting_entries": [
"https://www.example.com/wp-content/plugins/bwp-minify/readme.txt"
],
"confirmed_by": {
"Readme - ChangeLog Section (Aggressive Detection)": {
"confidence": 50,
"interesting_entries": [
"https://www.example.com/wp-content/plugins/bwp-minify/readme.txt"
]
}
},
"vulnerabilities": [
]
}
},
"jm-twitter-cards": {
"slug": "jm-twitter-cards",
"location": "https://www.example.com/wp-content/plugins/jm-twitter-cards/",
"latest_version": "10.0.1",
"last_updated": "2018-12-14T21:29:00.000Z",
"outdated": true,
"readme_url": null,
"changelog_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Comment (Passive Detection)",
"confidence": 30,
"interesting_entries": [
],
"confirmed_by": {
},
"vulnerabilities": [
],
"version": {
"number": "9.4",
"confidence": 60,
"found_by": "Comment (Passive Detection)",
"interesting_entries": [
"https://www.example.com/, Match: 'JM Twitter Cards by Julien Maury 9.4'"
],
"confirmed_by": {
},
"vulnerabilities": [
]
}
},
"js_composer": {
"slug": "js_composer",
"location": "https://www.example.com/wp-content/plugins/js_composer/",
"latest_version": null,
"last_updated": null,
"outdated": false,
"readme_url": null,
"changelog_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Meta Generator (Passive Detection)",
"confidence": 80,
"interesting_entries": [
],
"confirmed_by": {
"Body Tag (Passive Detection)": {
"confidence": 40,
"interesting_entries": [
]
}
},
"vulnerabilities": [
],
"version": {
"number": "4.11.1",
"confidence": 60,
"found_by": "Body Tag (Passive Detection)",
"interesting_entries": [
"https://www.example.com/, Match: 'js-comp-ver-4.11.1'"
],
"confirmed_by": {
},
"vulnerabilities": [
]
}
},
"wordpress-seo": {
"slug": "wordpress-seo",
"location": "https://www.example.com/wp-content/plugins/wordpress-seo/",
"latest_version": "11.2.1",
"last_updated": "2019-05-16T11:05:00.000Z",
"outdated": true,
"readme_url": null,
"changelog_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Comment (Passive Detection)",
"confidence": 30,
"interesting_entries": [
],
"confirmed_by": {
},
"vulnerabilities": [
{
"title": "Yoast SEO <= 9.1 - Authenticated Race Condition",
"fixed_in": "9.2",
"references": {
"cve": [
"2018-19370"
],
"url": [
"https://plugins.trac.wordpress.org/changeset/1977260/wordpress-seo",
"https://www.youtube.com/watch?v=nL141dcDGCY",
"http://packetstormsecurity.com/files/150497/",
"https://github.com/Yoast/wordpress-seo/pull/11502/commits/3bfa70a143f5ea3ee1934f3a1703bb5caf139ffa"
],
"wpvulndb": [
"9150"
]
}
}
],
"version": {
"number": "8.0",
"confidence": 100,
"found_by": "Comment (Passive Detection)",
"interesting_entries": [
"https://www.example.com/, Match: 'optimized with the Yoast SEO plugin v8.0 -'"
],
"confirmed_by": {
"Readme - Stable Tag (Aggressive Detection)": {
"confidence": 80,
"interesting_entries": [
"https://www.example.com/wp-content/plugins/wordpress-seo/readme.txt"
]
},
"Readme - ChangeLog Section (Aggressive Detection)": {
"confidence": 50,
"interesting_entries": [
"https://www.example.com/wp-content/plugins/wordpress-seo/readme.txt"
]
}
},
"vulnerabilities": [
]
}
},
"wp-super-cache": {
"slug": "wp-super-cache",
"location": "https://www.example.com/wp-content/plugins/wp-super-cache/",
"latest_version": "1.6.5",
"last_updated": "2019-05-07T14:57:00.000Z",
"outdated": true,
"readme_url": null,
"changelog_url": null,
"directory_listing": null,
"error_log_url": null,
"found_by": "Comment (Passive Detection)",
"confidence": 30,
"interesting_entries": [
],
"confirmed_by": {
},
"vulnerabilities": [
],
"version": null
}
},
"config_backups": {
},
"stop_time": 1558431945,
"elapsed": 18,
"requests_done": 69,
"cached_requests": 5,
"data_sent": 13925,
"data_sent_humanised": "13.599 KB",
"data_received": 2955629,
"data_received_humanised": "2.819 MB",
"used_memory": 92839936,
"used_memory_humanised": "88.539 MB"
}