------------------------------------------------------------------------------------------------
# WordPress
$ wpscan --url https://targetsite.com/
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 3.8.2
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________
[+] URL: https://targetsite.com/ [XXX.XX.XXX.XXX]
[+] Started: Mon Nov 30 02:14:21 2020
Interesting Finding(s):
[+] Headers
| Interesting Entry: server: Apache
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] https://targetsite.com/robots.txt
| Interesting Entries:
| - /wp-admin/
| - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: https://targetsite.com/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access
[+] This site has 'Must Use Plugins': https://targetsite.com/wp-content/mu-plugins/
| Found By: Direct Access (Aggressive Detection)
| Confidence: 80%
| Reference: http://codex.wordpress.org/Must_Use_Plugins
[+] The external WP-Cron seems to be enabled: https://targetsite.com/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 5.5.3 identified (Latest, released on 2020-10-30).
| Found By: Rss Generator (Passive Detection)
| - https://targetsite.com/feed/, https://wordpress.org/?v=5.5.3
| - https://targetsite.com/comments/feed/, https://wordpress.org/?v=5.5.3
[+] WordPress theme in use: revolution
| Location: https://targetsite.com/wp-content/themes/revolution/
| Style URL: https://targetsite.com/wp-content/themes/revolution/style.css?ver=2.3.5
| Style Name: Revolution
| Style URI: https://themeforest.net/item/revolution-creative-portfolio-theme/17870799
| Description: A Premium theme for magazine, editor, community and more! WordPress Theme by