- WPBin

[[email protected] wpscan]$ ./wpscan.rb --url http://www.stuccoweb.com/
_______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __  
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.8
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________

[+] URL: http://www.stuccoweb.com/
[+] Started: Fri Jul  3 08:32:48 2015

[+] robots.txt available under: 'http://www.stuccoweb.com/robots.txt'
[!] The WordPress 'http://www.stuccoweb.com/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <http://www.stuccoweb.com/>; rel=shortlink
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: SET-COOKIE: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.stuccoweb.com
[+] Interesting header: SET-COOKIE: wfvt_511116131=55968f104c014; expires=Fri, 03-Jul-2015 14:03:04 GMT; path=/; httponly
[+] Interesting header: X-POWERED-BY: PHP/5.4.41-0+deb7u1
[+] XML-RPC Interface available under: http://www.stuccoweb.com/xmlrpc.php

[+] WordPress version 4.2.2 identified from stylesheets numbers

[+] WordPress theme in use: Avada-Child-Theme

[+] Name: Avada-Child-Theme
 |  Location: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/themes/Avada-Child-Theme/
 |  Style URL: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/themes/Avada-Child-Theme/style.css
 |  Theme Name: Avada Child
 |  Description: Child theme for the Avada
 |  Author: Your name here

[+] Detected parent theme: Avada - v3.6.2

[+] Name: Avada - v3.6.2
 |  Location: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/themes/Avada/
 |  Changelog: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/themes/Avada/changelog.txt
 |  Style URL: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/themes/Avada/style.css
 |  Theme Name: Avada
 |  Theme URI: http://theme-fusion.com/avada/
 |  Description: A business, portfolio and blog theme.
 |  Author: ThemeFusion
 |  Author URI: http://themeforest.net/user/ThemeFusion

[+] Enumerating plugins from passive detection ...
 | 4 plugins found:

[+] Name: LayerSlider
 |  Location: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/plugins/LayerSlider/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: LayerSlider 4.6.1 - Style Editing CSRF
    Reference: https://wpvulndb.com/vulnerabilities/7152
    Reference: http://packetstormsecurity.com/files/125637/
    Reference: https://secunia.com/advisories/57930/
    Reference: http://osvdb.org/show/osvdb/104393

[!] Title: LayerSlider 4.6.1 - Remote Path Traversal File Access
    Reference: https://wpvulndb.com/vulnerabilities/7153
    Reference: http://packetstormsecurity.com/files/125637/
    Reference: https://secunia.com/advisories/57309/
    Reference: http://osvdb.org/show/osvdb/104394

[+] Name: google-plus-badge - v1.4.1
 |  Location: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/plugins/google-plus-badge/
 |  Readme: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/plugins/google-plus-badge/readme.txt

[+] Name: qtranslate - v2.5.39
 |  Location: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/plugins/qtranslate/
 |  Readme: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/plugins/qtranslate/readme.txt

[!] Title: qTranslate 2.5.34 - Setting Manipulation CSRF
    Reference: https://wpvulndb.com/vulnerabilities/6846
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3251
    Reference: https://secunia.com/advisories/53126/
    Reference: http://osvdb.org/show/osvdb/93873

[+] Name: revslider
 |  Location: http://www.stuccoweb.com/[wp](http://codex.wordpress.org/Plugin_API/Action_Reference/wp)-content/plugins/revslider/

[!] We could not determine a version so all vulnerabilities are printed out

[!] Title: WordPress Slider Revolution Local File Disclosure
    Reference: https://wpvulndb.com/vulnerabilities/7540
    Reference: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
    Reference: http://marketblog.envato.com/general/affected-themes/
    Reference: http://packetstormsecurity.com/files/129761/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1579
    Reference: http://osvdb.org/show/osvdb/109645
    Reference: https://www.exploit-db.com/exploits/34511/
    Reference: https://www.exploit-db.com/exploits/36039/
[i] Fixed in: 4.1.5

[!] Title: WordPress Slider Revolution Shell Upload
    Reference: https://wpvulndb.com/vulnerabilities/7954
    Reference: https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
    Reference: http://osvdb.org/show/osvdb/115118
    Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_revslider_upload_execute
    Reference: https://www.exploit-db.com/exploits/35385/
[i] Fixed in: 3.0.96

[+] Finished: Fri Jul  3 08:34:28 2015
[+] Requests Done: 176
[+] Memory used: 21.914 MB
[+] Elapsed time: 00:01:39
Codex Entries
