------------------------------------------------------------------------------------------------
# WordPress

$ wpscan --url https://targetsite.com/
_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.2
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://targetsite.com/ [XXX.XX.XXX.XXX]
[+] Started: Mon Nov 30 02:14:21 2020

Interesting Finding(s):

[+] Headers
 | Interesting Entry: server: Apache
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] https://targetsite.com/robots.txt
 | Interesting Entries:
 |  - /wp-admin/
 |  - /wp-admin/admin-ajax.php
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] XML-RPC seems to be enabled: https://targetsite.com/xmlrpc.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%
 | References:
 |  - http://codex.wordpress.org/XML-RPC_Pingback_API
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner
 |  - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login
 |  - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access

[+] This site has 'Must Use Plugins': https://targetsite.com/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
 | Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] The external WP-Cron seems to be enabled: https://targetsite.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

[+] WordPress version 5.5.3 identified (Latest, released on 2020-10-30).
 | Found By: Rss Generator (Passive Detection)
 |  - https://targetsite.com/feed/, https://wordpress.org/?v=5.5.3
 |  - https://targetsite.com/comments/feed/, https://wordpress.org/?v=5.5.3

[+] WordPress theme in use: revolution
 | Location: https://targetsite.com/wp-content/themes/revolution/
 | Style URL: https://targetsite.com/wp-content/themes/revolution/style.css?ver=2.3.5
 | Style Name: Revolution
 | Style URI: https://themeforest.net/item/revolution-creative-portfolio-theme/17870799
 | Description: A Premium theme for magazine, editor, community and more! WordPress Theme by