The website has various security issues that should be tackled a.s.a.p.
WordPress CMS version is outdated: 4.9.19
User enumeration has been left enabled for user; download-directory listing has also been left enabled.
The following plugins were detected by reading the HTML source of the WordPress site's front page.
Plugin | Update Status | About
contact-form-7 5.0.5 | Warning latest release (5.5.6) | https://contactform7.com/
supportcandy 1.1.4 | Warning latest release (2.3.0) | https://wordpress.org/plugins/supportcandy/
event-geek 2.5.2 | Unknown |
Plugins are a source of many security vulnerabilities within WordPress installations. Always keep them updated to the latest version available and check the developer's plugin page for information about security-related updates and fixes.
There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths using a dedicated tool.
Here the website has been qualified as potentially suspicious and has blacklisted links:
https://quttera.com/detailed_report/ecl.hu
Libraries to be retired:
bootstrap 3.3.7 Found in - https://ecl.hu/wp-content/themes/graphene/bootstrap/js/bootstrap.min.js?ver=2018.09.01
Vulnerability info:
Medium 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
Medium XSS is possible in the data-target attribute. CVE-2016-10735
jquery 1.12.4 Found in - https://ecl.hu/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251 1234
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Medium CVE-2020-11022 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS 1
Medium CVE-2020-11023 Regex in its jQuery.htmlPrefilter sometimes may introduce XSS 1
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)