Vulnerabilities that will be found on average Word Press websites!

[polonus]

Just this glitch, directory listing enabled with Word Press CMS.

Re: https://webcookies.org/cookies/c-change.org.uk/11112539
1 vuln. library: http://retire.insecurity.today/#!/scan/22bd631d342cde9e0cc86c663096883e2cdb05abc998d5dfbfef8ec1c6b7ce33
F-grade and recommendations: https://observatory.mozilla.org/analyze.html?host=c-change.org.uk

Warning Directory Indexing Enabled in Word Press CMS.
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled


Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Loaded OK: -https://c-change.org.uk/wp-includes/
GoogleSafe:
OK   Load:
544ms   Server: 89.145.103.204 ( X-Powered-By: PHP/5.6.32 The header exposes version details )
LiteSpeed   ASN: 29017 United-Kingdom
Gyron Internet Ltd   Reverse DNS:
89-145-103-204.static.directrouter.com

B-status Privacy Impact score isn't bad, not bad at all -

polonus

[polonus]

Another one with glitches: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=gc5.pl&ref_sel=GSP2&ua_sel=ff&fs=1
retirables 1: http://retire.insecurity.today/#!/scan/6ec32a9c074bbcc5feccb415751ca236dd7506a61c610b6f80b2e2001c2375e9

Server version info proliferation: Server: Apache/2.4.7 (Ubuntu) more proliferation: X-Powered-By: PHP/5.5.9-1ubuntu4.22 *
* vulnerable to injector exploits -  authentication bypass issue on gauge.php lead etc.

F-grade status and recommendations: https://observatory.mozilla.org/analyze.html?host=gc5.pl
also see: https://webcookies.org/scan/11478601/force
Needs updating: Web application version:
Wordpress Version 4.7.x/4.8 based on: -https://gc5.pl//wp-admin/js/editor-expand.js
WordPress version: 4.7.x/4.8
WordPress theme: -https://gc5.pl/wp-content/themes/gc5/  with error

-gc5.pl/wp-admin/js/editor-expand.js
     info: [decodingLevel=0] found JavaScript
     error: undefined function $

What insecurity with server version info proliferation and -wp-admin/js/editor-expand.js accessible with PHP programmers to manage it    e.g. Apache/2.4.7 Ubuntu webserver info proliferation & wp-admin/js/ extra link

Witamy w Global Control 5 Jeste\305\233my producentem zaawansowanych technologicznie rozwi\304\205za\305\204 z zakresu automatyki budynkowej. Firma zosta\305\202a za\305\202o\305\274ona w 2015 roku i jest stowarzyszona w Grupie JW Projan.\302\240GC5 tworz\304\205 specjali\305\233ci, kt\303\263rzy od lat profesjonalnie zajmuj\304\205 si\304\231 zaawansowanymi systemami w dziedzinie automatyki...

polonus (volunteer website security analyst and website error-hunter)