And it is more often found that client-side and webserver side "won't always play ball as it should", so to put it.
The second above example can also open up to: -https://tequila-stuff.com/wp-content/plugins/penci-recipe/js/jquery.rateyo.min.js
Number of sources found: 17
Number of sinks found: 2
Consider flaws there:
https://sitecheck.sucuri.net/results/https/tequila-stuff.comSee also:
https://retire.insecurity.today/#!/scan/7c48470ecfb90afb98d030da83bfae15ba8886d3075d3e4886526acfd8141f841 vuln. jQuery library detected.
Server flaws:
http://nginx.org/en/security_advisories.html because of Outdated Software Detected - Nginx under 1.17.3
Outdated plug-in contact-form-7 5.1.4 latest release (5.1.6)
https://contactform7.com/Also outdated -> google-analytics-for-wordpress 7.8.0 latest release (7.10.1)
https://www.monsterinsights.com/Wrong Configuration of CMS: User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.
ID User Login
1 None topup
2 None None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Google Safe Browse checks have been performed on each of the linked sites. Links with poor reputation could be a threat to users of the site. Hosting and location are also included in the results.
Externally Linked Host Hosting Provider Country
-www.facebook.com Facebook. Ireland
-twitter.com Twitter Inc. United States
-soledad.pencidesign.com Linode United States
-wordpress.org SingleHop LLC United States
-topup.bet Choopa Singapore
On hoster exploitable nginxVersion: 1.15.9 (Febr. last main) see:
https://github.com/nixawk/labs/issues/15polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
See:
https://www.shodan.io/host/140.82.52.247
