
_______________________________________________________________

         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

WordPress Security Scanner by the WPScan Team


Version 3.8.25
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: http://trilocor.local/ [10.129.197.150]
[+] Started: Fri May 3 12:20:41 2024

Interesting Finding(s):

[+] Headers
| Interesting Entry: Server: Apache/2.4.41 (Ubuntu)
| Found By: Headers (Passive Detection)
| Confidence: 100%

[+] WordPress version 5.8.3 identified (Insecure, released on 2022-01-06).
| Found By: Emoji Settings (Passive Detection)
| - http://trilocor.local/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.8.3'
| Confirmed By: Meta Generator (Passive Detection)
| - http://trilocor.local/, Match: 'WordPress 5.8.3'
|
| [!] 30 vulnerabilities identified:
|
| [!] Title: WordPress < 5.9.2 - Prototype Pollution in jQuery
| Fixed in: 5.8.4
| References:
| - https://wpscan.com/vulnerability/1ac912c1-5e29-41ac-8f76-a062de254c09
| - https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
|
| [!] Title: WordPress < 5.9.2 / Gutenberg < 12.7.2 - Prototype Pollution via Gutenberg’s wordpress/url package
| Fixed in: 5.8.4
| References:
| - https://wpscan.com/vulnerability/6e61b246-5af1-4a4f-9ca8-a8c87eb2e499
| - https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
| - https://github.com/WordPress/gutenberg/pull/39365/files
|
| [!] Title: WP < 6.0.2 - Reflected Cross-Site Scripting
| Fixed in: 5.8.5
| References:
| - https://wpscan.com/vulnerability/622893b0-c2c4-4ee7-9fa1-4cecef6e36be
| - https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
|
| [!] Title: WP < 6.0.2 - Authenticated Stored Cross-Site Scripting
| Fixed in: 5.8.5
| References:
| - https://wpscan.com/vulnerability/3b1573d4-06b4-442b-bad5-872753118ee0
| - https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
|
| [!] Title: WP < 6.0.2 - SQLi via Link API
| Fixed in: 5.8.5
| References:
| - https://wpscan.com/vulnerability/601b0bf9-fed2-4675-aec7-fed3156a022f
| - https://wordpress.org/news/2022/08/wordpress-6-0-2-security-and-maintenance-release/
|
| [!] Title: WP < 6.0.3 - Stored XSS via wp-mail.php
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/713bdc8b-ab7c-46d7-9847-305344a579c4
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/abf236fdaf94455e7bc6e30980cf70401003e283
|
| [!] Title: WP < 6.0.3 - Open Redirect via wp_nonce_ays
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/926cd097-b36f-4d26-9c51-0dfab11c301b
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/506eee125953deb658307bb3005417cb83f32095
|
| [!] Title: WP < 6.0.3 - Email Address Disclosure via wp-mail.php
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/c5675b59-4b1d-4f64-9876-068e05145431
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/5fcdee1b4d72f1150b7b762ef5fb39ab288c8d44
|
| [!] Title: WP < 6.0.3 - Reflected XSS via SQLi in Media Library
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/cfd8b50d-16aa-4319-9c2d-b227365c2156
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/8836d4682264e8030067e07f2f953a0f66cb76cc
|
| [!] Title: WP < 6.0.3 - CSRF in wp-trackback.php
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/b60a6557-ae78-465c-95bc-a78cf74a6dd0
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/a4f9ca17fae0b7d97ff807a3c234cf219810fae0
|
| [!] Title: WP < 6.0.3 - Stored XSS via the Customizer
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/2787684c-aaef-4171-95b4-ee5048c74218
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/2ca28e49fc489a9bb3c9c9c0d8907a033fe056ef
|
| [!] Title: WP < 6.0.3 - Stored XSS via Comment Editing
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/02d76d8e-9558-41a5-bdb6-3957dc31563b
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/89c8f7919460c31c0f259453b4ffb63fde9fa955
|
| [!] Title: WP < 6.0.3 - Content from Multipart Emails Leaked
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/3f707e05-25f0-4566-88ed-d8d0aff3a872
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/3765886b4903b319764490d4ad5905bc5c310ef8
|
| [!] Title: WP < 6.0.3 - SQLi in WP_Date_Query
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/1da03338-557f-4cb6-9a65-3379df4cce47
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/d815d2e8b2a7c2be6694b49276ba3eee5166c21f
|
| [!] Title: WP < 6.0.3 - Stored XSS via RSS Widget
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/58d131f5-f376-4679-b604-2b888de71c5b
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/929cf3cb9580636f1ae3fe944b8faf8cca420492
|
| [!] Title: WP < 6.0.3 - Data Exposure via REST Terms/Tags Endpoint
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/b27a8711-a0c0-4996-bd6a-01734702913e
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/wordpress-develop/commit/ebaac57a9ac0174485c65de3d32ea56de2330d8e
|
| [!] Title: WP < 6.0.3 - Multiple Stored XSS via Gutenberg
| Fixed in: 5.8.6
| References:
| - https://wpscan.com/vulnerability/f513c8f6-2e1c-45ae-8a58-36b6518e2aa9
| - https://wordpress.org/news/2022/10/wordpress-6-0-3-security-release/
| - https://github.com/WordPress/gutenberg/pull/45045/files
|
| [!] Title: WP <= 6.2 - Unauthenticated Blind SSRF via DNS Rebinding
| References:
| - https://wpscan.com/vulnerability/c8814e6e-78b3-4f63-a1d3-6906a84c1f11
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3590
| - https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/
|
| [!] Title: WP < 6.2.1 - Directory Traversal via Translation Files
| Fixed in: 5.8.7
| References:
| - https://wpscan.com/vulnerability/2999613a-b8c8-4ec0-9164-5dfe63adf6e6
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2745
| - https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
|
| [!] Title: WP < 6.2.1 - Thumbnail Image Update via CSRF
| Fixed in: 5.8.7
| References:
| - https://wpscan.com/vulnerability/a03d744a-9839-4167-a356-3e7da0f1d532
| - https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
|
| [!] Title: WP < 6.2.1 - Contributor+ Stored XSS via Open Embed Auto Discovery
| Fixed in: 5.8.7
| References:
| - https://wpscan.com/vulnerability/3b574451-2852-4789-bc19-d5cc39948db5
| - https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
|
| [!] Title: WP < 6.2.2 - Shortcode Execution in User Generated Data
| Fixed in: 5.8.7
| References:
| - https://wpscan.com/vulnerability/ef289d46-ea83-4fa5-b003-0352c690fd89
| - https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
| - https://wordpress.org/news/2023/05/wordpress-6-2-2-security-release/
|
| [!] Title: WP < 6.2.1 - Contributor+ Content Injection
| Fixed in: 5.8.7
| References:
| - https://wpscan.com/vulnerability/1527ebdb-18bc-4f9d-9c20-8d729a628670
| - https://wordpress.org/news/2023/05/wordpress-6-2-1-maintenance-security-release/
|
| [!] Title: WP 5.6-6.3.1 - Reflected XSS via Application Password Requests
| Fixed in: 5.8.8
| References:
| - https://wpscan.com/vulnerability/da1419cc-d821-42d6-b648-bdb3c70d91f2
| - https://wordpress.org/news/2023/10/wordpress-6-3-2-maintenance-and-security-release/
|
| [!] Title: WP < 6.3.2 - Denial of Service via Cache Poisoning
| Fixed in: 5.8.8
| References:
| - https://wpscan.com/vulnerability/6d80e09d-34d5-4fda-81cb-e703d0e56e4f
| - https://wordpress.org/news/2023/10/wordpress-6-3-2-maintenance-and-security-release/
|
| [!] Title: WP < 6.3.2 - Subscriber+ Arbitrary Shortcode Execution
| Fixed in: 5.8.8
| References:
| - https://wpscan.com/vulnerability/3615aea0-90aa-4f9a-9792-078a90af7f59
| - https://wordpress.org/news/2023/10/wordpress-6-3-2-maintenance-and-security-release/
|
| [!] Title: WP < 6.3.2 - Contributor+ Comment Disclosure
| Fixed in: 5.8.8
| References:
| - https://wpscan.com/vulnerability/d35b2a3d-9b41-4b4f-8e87-1b8ccb370b9f
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39999
| - https://wordpress.org/news/2023/10/wordpress-6-3-2-maintenance-and-security-release/
|
| [!] Title: WP < 6.3.2 - Unauthenticated Post Author Email Disclosure
| Fixed in: 5.8.8
| References:
| - https://wpscan.com/vulnerability/19380917-4c27-4095-abf1-eba6f913b441
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5561
| - https://wpscan.com/blog/email-leak-oracle-vulnerability-addressed-in-wordpress-6-3-2/
| - https://wordpress.org/news/2023/10/wordpress-6-3-2-maintenance-and-security-release/
|
| [!] Title: WordPress < 6.4.3 - Deserialization of Untrusted Data
| Fixed in: 5.8.9
| References:
| - https://wpscan.com/vulnerability/5e9804e5-bbd4-4836-a5f0-b4388cc39225
| - https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/
|
| [!] Title: WordPress < 6.4.3 - Admin+ PHP File Upload
| Fixed in: 5.8.9
| References:
| - https://wpscan.com/vulnerability/a8e12fbe-c70b-4078-9015-cf57a05bdd4a
| - https://wordpress.org/news/2024/01/wordpress-6-4-3-maintenance-and-security-release/

[+] WordPress theme in use: astra
| Location: http://trilocor.local/wp-content/themes/astra/
| Latest Version: 4.6.13
| Last Updated: 2024-04-25T00:00:00.000Z
| Style URL: http://trilocor.local/wp-content/themes/astra/style.css
|
| Found By: Urls In Homepage (Passive Detection)
|
| [!] 2 vulnerabilities identified:
|
| [!] Title: Astra < 4.6.9 - Contributor+ Stored XSS
| Fixed in: 4.6.9
| References:
| - https://wpscan.com/vulnerability/62871f3a-c9a8-49bb-b67b-143af3caa986
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2347
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed914e67-4cf7-49b1-96be-ed8c604e6dce
|
| [!] Title: Astra < 4.6.5 - Editor+ Stored XSS via Theme Header/Footer
| Fixed in: 4.6.5
| References:
| - https://wpscan.com/vulnerability/30fd2612-91f6-4c1b-8d0c-fa607edf4717
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29768
| - https://patchstack.com/database/vulnerability/astra/wordpress-astra-theme-4-6-4-cross-site-scripting-xss-vulnerability
|
| The version could not be determined.

[+] Enumerating Vulnerable Plugins (via Aggressive Methods)

Checking Known Locations -: |

[+] Checking Plugin Versions (via Aggressive Methods)

[i] Plugin(s) Identified:

[+] elementor
| Location: http://trilocor.local/wp-content/plugins/elementor/
| Last Updated: 2024-04-30T12:32:00.000Z
| [!] The version is out of date, the latest version is 3.21.4
|
| Found By: Known Locations (Aggressive Detection)
| - http://trilocor.local/wp-content/plugins/elementor/, status: 403
|
| [!] 10 vulnerabilities identified:
|
| [!] Title: Elementor < 3.5.6 - DOM Reflected Cross-Site Scripting
| Fixed in: 3.5.6
| References:
| - https://wpscan.com/vulnerability/9758570b-4729-4eef-ad52-b6e922f536d6
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29455
| - https://rotem-bar.com/hacking-65-million-websites-greater-cve-2022-29455-elementor
|
| [!] Title: Elementor Website Builder < 3.12.2 - Admin+ SQLi
| Fixed in: 3.12.2
| References:
| - https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0329
|
| [!] Title: Elementor Website Builder < 3.13.2 - Missing Authorization
| Fixed in: 3.13.2
| Reference: https://wpscan.com/vulnerability/0b68091c-6a05-4f81-a718-6ec139df2e96
|
| [!] Title: Elementor < 3.5.5 - Iframe Injection
| Fixed in: 3.5.5
| References:
| - https://wpscan.com/vulnerability/8273357e-f9e1-44bc-8082-8faab838eda7
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4953
| - https://github.com/elementor/elementor/commit/292fc49e0f979bd52d838f0326d1faaebfa59f5e
|
| [!] Title: Elementor Website Builder < 3.16.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_inline_svg()
| Fixed in: 3.16.5
| References:
| - https://wpscan.com/vulnerability/62b53acf-6551-4ea7-8727-039a3c9ba7ce
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47505
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/b44ef21f-464e-487a-ba5a-fe889e4c488c
|
| [!] Title: Elementor Website Builder < 3.16.5 - Missing Authorization to Arbitrary Attachment Read
| Fixed in: 3.16.5
| References:
| - https://wpscan.com/vulnerability/e60f0f7e-4c3b-4107-803a-8e03526859ed
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47504
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/c873c76a-144e-4945-8fa2-c9ffe0e3c061
|
| [!] Title: Elementor < 3.18.2 - Contributor+ Arbitrary File Upload to RCE via Template Import
| Fixed in: 3.18.2
| References:
| - https://wpscan.com/vulnerability/a6b3b14c-f06b-4506-9b88-854f155ebca9
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48777
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/5b6d0a38-ac28-41c9-9da1-b30b3657b463
|
| [!] Title: Elementor < 3.19.1 - Authenticated(Contributor+) Arbitrary File Deletion and PHAR Deserialization
| Fixed in: 3.19.1
| References:
| - https://wpscan.com/vulnerability/4d7dfcc6-8c32-4e0d-b3bb-7e2685916e2b
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24934
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/4915b769-9499-40ac-835e-279e3a910558
|
| [!] Title: Elementor Website Builder – More than Just a Page Builder < 3.19.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via get_image_alt
| Fixed in: 3.19.0
| References:
| - https://wpscan.com/vulnerability/57af46d9-9a26-4085-9829-e0add7893332
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0506
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332
|
| [!] Title: Elementor Website Builder < 3.20.3 - Contributor+ DOM Stored XSS
| Fixed in: 3.20.3
| References:
| - https://wpscan.com/vulnerability/22e8d017-79f5-40c8-8a2c-e0ee42ba80c8
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2117
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/c8d7448a-b8a6-4b0b-92df-a15272fc56bf
|
| Version: 3.5.3 (100% confidence)
| Found By: Javascript Comment (Aggressive Detection)
| - http://trilocor.local/wp-content/plugins/elementor/assets/js/admin-feedback.js, Match: 'elementor - v3.5.3'
| Confirmed By: Style Comment (Aggressive Detection)
| - http://trilocor.local/wp-content/plugins/elementor/assets/css/admin.min.css, Match: 'elementor - v3.5.3'

[+] Enumerating Vulnerable Themes (via Passive and Aggressive Methods)

Checking Known Locations -: |

[+] Checking Theme Versions (via Passive and Aggressive Methods)

[i] Theme(s) Identified:

[+] astra
| Location: http://trilocor.local/wp-content/themes/astra/
| Latest Version: 4.6.13
| Last Updated: 2024-04-25T00:00:00.000Z
| Style URL: http://trilocor.local/wp-content/themes/astra/style.css
|
| Found By: Urls In Homepage (Passive Detection)
|
| [!] 2 vulnerabilities identified:
|
| [!] Title: Astra < 4.6.9 - Contributor+ Stored XSS
| Fixed in: 4.6.9
| References:
| - https://wpscan.com/vulnerability/62871f3a-c9a8-49bb-b67b-143af3caa986
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2347
| - https://www.wordfence.com/threat-intel/vulnerabilities/id/ed914e67-4cf7-49b1-96be-ed8c604e6dce
|
| [!] Title: Astra < 4.6.5 - Editor+ Stored XSS via Theme Header/Footer
| Fixed in: 4.6.5
| References:
| - https://wpscan.com/vulnerability/30fd2612-91f6-4c1b-8d0c-fa607edf4717
| - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29768
| - https://patchstack.com/database/vulnerability/astra/wordpress-astra-theme-4-6-4-cross-site-scripting-xss-vulnerability
|
| The version could not be determined.

[+] Enumerating Config Backups (via Passive and Aggressive Methods)

Checking Config Backups -: |

[i] No Config Backups Found.

[+] Enumerating DB Exports (via Passive and Aggressive Methods)

Checking DB Exports -: |

[i] No DB Exports Found.

[+] Enumerating Users (via Passive and Aggressive Methods)

Brute Forcing Author IDs -: |

[i] No Users Found.

[+] WPScan DB API OK
| Plan: free
| Requests Done (during the scan): 3
| Requests Remaining: 22

[+] Finished: Fri May 3 12:21:51 2024
[+] Requests Done: 8281
[+] Cached Requests: 19
[+] Data Sent: 1.825 MB
[+] Data Received: 4.326 MB
[+] Memory used: 309.961 MB
[+] Elapsed time: 00:01:10
