Author Topic: Vulnerable insecure Word Press website launches malware.. (Read 881 times)

polonus · « **on:** August 10, 2020, 07:14:13 PM »

7 issues: outdated plug-ins:    Plugin   Update Status   About
mailpoet 3.47.6   Warning   latest release (3.48.0)
http://www.mailpoet.com
revslider    Unknown
woocommerce 4.2.0   Warning   latest release (4.3.1)
https://woocommerce.com/
wp-customer-reviews 3.4.1   Warning   latest release (3.4.2)
http://www.gowebsolutions.com/wp-customer-reviews/
formidable 4.05.02   Warning   latest release (4.06.02)
https://formidableforms.com/
wordpress-seo 14.4.1   Warning   latest release (14.7)
https://yoa.st/1uj
wp-rocket    Unknown

User-enumeration not set on disabled: User Enumeration
The first two user ID's were tested to determine if user enumeration is possible.

Username   Name
ID: 1   admin-p8
ID: 2   rob-snijders

emotet and heodo infested: https://urlhaus.abuse.ch/url/428498/

Retirable jQuery library detected: https://retire.insecurity.today/#!/scan/904166e5d89a103e85c5767a21cebb2a91cda80bbca29d4e2c56c4dc3660cf4e

608 hints to improve site and site's security: https://webhint.io/scanner/f6d1e930-6a0a-4ea7-9371-bbfa97465646

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)