Insecure tracking: Website is insecure by default
100% of the trackers on this site could be protecting you from NSA snooping. Tell -royalcbd.com to fix it.
Identifiers | All Trackers
Insecure Identifiers
Unique IDs about your web browsing habits have been insecurely sent to third parties.
-royalcbd.com__cfduid
-d4caad975332e7cd32XXXXXXXXXX36fef1583162006 ajax.cloudflare.com__cfduid
Tracking IDs could be sent safely if this site was secure.
Vulnerable PHP: PHP, headers - 7.2.27
6.4
CVE-2020-7061
In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.
6.4
CVE-2020-7063
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.
5
CVE-2018-19935
ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
5
CVE-2020-7062
In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.
4.3
Some work to do for those website developers and - admins sitting at home to get such websites a tad more secure
The following plugins were detected by reading the HTML source of the WordPress sites front page.
affiliate-wp
shopkeeper-extender
woo-gutenberg-products-block 2.5.14 latest release (2.5.14)
https://github.com/woocommerce/woocommerce-gutenberg-products-block
yith-woocommerce-waiting-list-premium
jetpack 8.3 latest release (8.3)
https://jetpack.com
woocommerce-gateway-authorize-net-cim
contact-form-7 5.1.7 latest release (5.1.7)
https://contactform7.com/
elementor-pro
klaviyo 2.1.7 latest release (2.1.7)
https://wordpress.org/plugins/klaviyo/
ultimate-elementor
woocommerce 4.0.1 latest release (4.0.1)
https://woocommerce.com/
js_composer
age-gate latest release (2.5.0)
https://agegate.io/
yith-woocommerce-anti-fraud-premium 1.2.9
yith-woocommerce-wishlist latest release (3.0.9)
https://yithemes.com/themes/plugins/yith-woocommerce-wishlist/
woocommerce-all-products-for-subscriptions 3.1.6
woo-variation-swatches latest release (1.0.78)
https://wordpress.org/plugins/woo-variation-swatches/
elementor 2.9.6 latest release (2.9.6)
https://elementor.com/
shopkeeper-deprecated
woocommerce-square 2.1.1 latest release (2.1.1)
https://woocommerce.com/products/square/
wc-aelia-foundation-classes
shopkeeper-portfolio
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.
There are likely more plugins installed than those listed here as the detection method used here is passive. While these results give an indication of the status of plugin updates, a more comprehensive assessment should be undertaken by brute forcing the plugin paths using a dedicated tool.
Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklis: OK
polonus (volunteer 3rd party cold rec on website security analyst and website error-hunter)
