Example of a vulnerable WordPress HTTP website. Remember, WordPress is a weak and vulnerable CMS based on PHP;
see how vulnerable it can be to specific downgrade network attacks. Random example:
via ",/$.getScript(%27https://localhost/test.js%27,function(){})" , which is a DOM-XSS attack ->
like here -htxp://paragon.net.uk/$.getScript(%27https://localhost/test.js%27,function(){}}
opening up to: -https://www.heg.com/wp-content/themes/renova/assets/js/bootstrap-modal.js?ver=4.9.13
which is a blacklisted site:
https://sitecheck.sucuri.net/results/https/www.heg.com/wp-content/themes/renova/assets/js/bootstrap-modal.js?q=ver%3D4.9.13 (Outdated
http://httpd.apache.org/security/vulnerabilities_22.html This is probably why this attack succeeded!).
Resulting in: Number of sources found: 41 ; Number of sinks found: 17
Source link: DOM XSS script -> script source: SANS Cyber Security Certs & Research.
An HTTPS Everywhere extension in your browser will block this URI inside the browser,
else a HEG main page may open up from HEG (= Host Europe Group), now part of GoDaddy.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
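
The "Number of sources found / Number of sinks found" figures in the post above are the output of a DOM XSS source/sink scan. As an added example (not part of the original post and not the scanner used there), here is a minimal sketch of such a count over a script's text; the pattern lists are an assumed, partial subset and the sample script is constructed.

```javascript
// Added example: heuristic DOM XSS source/sink counter for triage of a script file.
// Pattern lists are an assumed, partial subset; real scanners use far larger ones.
const SOURCES = [
  /\bdocument\.(?:URL|documentURI|baseURI|referrer|cookie)\b/g,
  /\b(?:window\.|document\.)?location(?:\.(?:href|hash|search|pathname))?\b/g,
  /\bwindow\.name\b/g,
];
const SINKS = [
  /\beval\s*\(/g,
  /\bdocument\.write(?:ln)?\s*\(/g,
  /\.(?:innerHTML|outerHTML)\s*=(?!=)/g,
  /\bset(?:Timeout|Interval)\s*\(\s*["'`]/g,
  /\$\.getScript\s*\(/g,                      // loads and executes a remote script
  /\.(?:html|append|prepend|after|before)\s*\(/g, // jQuery HTML-inserting methods
];

// Return one finding per regex match, with its 1-based line number.
function scan(code) {
  const findings = [];
  code.split("\n").forEach((text, i) => {
    for (const [kind, patterns] of [["source", SOURCES], ["sink", SINKS]]) {
      for (const re of patterns) {
        for (const m of text.matchAll(re)) {
          findings.push({ kind, line: i + 1, match: m[0].trim() });
        }
      }
    }
  });
  return findings;
}

// Totals plus "hot" lines where attacker-controllable input meets a sink directly.
function summarize(code) {
  const f = scan(code);
  const sinkLines = [...new Set(f.filter(x => x.kind === "sink").map(x => x.line))];
  return {
    sources: f.filter(x => x.kind === "source").length,
    sinks: f.filter(x => x.kind === "sink").length,
    hot: sinkLines.filter(l => f.some(x => x.kind === "source" && x.line === l)),
  };
}

// Constructed sample script, not taken from any site named in the post.
const SAMPLE = [
  'var q = location.hash.slice(1);',
  'document.getElementById("out").innerHTML = q;',
  'document.write("<p>" + document.referrer + "</p>");',
  'el.textContent = window.name;',
  '$.getScript(cfg.url, function () {});',
].join("\n");

console.log(summarize(SAMPLE));
```

A count like this only flags places to review: a source and a sink in the same file are a finding only if data actually flows from one to the other unsanitized.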