[[email protected] wpscan]$ ./wpscan.rb --url http://www.stuccoweb.com/
_______________________________________________________________
        __          _______   _____
        \ \        / /  __ \ / ____|
         \ \  /\  / /| |__) | (___   ___  __ _ _ __
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|
WordPress Security Scanner by the WPScan Team
Version 2.8
Sponsored by Sucuri - https://sucuri.net
@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
_______________________________________________________________
[+] URL: http://www.stuccoweb.com/
[+] Started: Fri Jul 3 08:32:48 2015
[+] robots.txt available under: 'http://www.stuccoweb.com/robots.txt'
[!] The WordPress 'http://www.stuccoweb.com/readme.html' file exists exposing a version number
[+] Interesting header: LINK: <http://www.stuccoweb.com/>; rel=shortlink
[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
[+] Interesting header: SET-COOKIE: qtrans_cookie_test=qTranslate+Cookie+Test; path=/; domain=www.stuccoweb.com
[+] Interesting header: SET-COOKIE: wfvt_511116131=55968f104c014; expires=Fri, 03-Jul-2015 14:03:04 GMT; path=/; httponly
[+] Interesting header: X-POWERED-BY: PHP/5.4.41-0+deb7u1
[+] XML-RPC Interface available under: http://www.stuccoweb.com/xmlrpc.php
[+] WordPress version 4.2.2 identified from stylesheets numbers
[+] WordPress theme in use: Avada-Child-Theme
[+] Name: Avada-Child-Theme
| Location: http://www.stuccoweb.com/wp-content/themes/Avada-Child-Theme/
| Style URL: http://www.stuccoweb.com/wp-content/themes/Avada-Child-Theme/style.css
| Theme Name: Avada Child
| Description: Child theme for the Avada
| Author: Your name here
[+] Detected parent theme: Avada - v3.6.2
[+] Name: Avada - v3.6.2
| Location: http://www.stuccoweb.com/wp-content/themes/Avada/
| Changelog: http://www.stuccoweb.com/wp-content/themes/Avada/changelog.txt
| Style URL: http://www.stuccoweb.com/wp-content/themes/Avada/style.css
| Theme Name: Avada
| Theme URI: http://theme-fusion.com/avada/
| Description: A business, portfolio and blog theme.
| Author: ThemeFusion
| Author URI: http://themeforest.net/user/ThemeFusion
[+] Enumerating plugins from passive detection ...
| 4 plugins found:
[+] Name: LayerSlider
| Location: http://www.stuccoweb.com/wp-content/plugins/LayerSlider/
[!] We could not determine a version so all vulnerabilities are printed out
[!] Title: LayerSlider 4.6.1 - Style Editing CSRF
Reference: https://wpvulndb.com/vulnerabilities/7152
Reference: http://packetstormsecurity.com/files/125637/
Reference: https://secunia.com/advisories/57930/
Reference: http://osvdb.org/show/osvdb/104393
[!] Title: LayerSlider 4.6.1 - Remote Path Traversal File Access
Reference: https://wpvulndb.com/vulnerabilities/7153
Reference: http://packetstormsecurity.com/files/125637/
Reference: https://secunia.com/advisories/57309/
Reference: http://osvdb.org/show/osvdb/104394
[+] Name: google-plus-badge - v1.4.1
| Location: http://www.stuccoweb.com/wp-content/plugins/google-plus-badge/
| Readme: http://www.stuccoweb.com/wp-content/plugins/google-plus-badge/readme.txt
[+] Name: qtranslate - v2.5.39
| Location: http://www.stuccoweb.com/wp-content/plugins/qtranslate/
| Readme: http://www.stuccoweb.com/wp-content/plugins/qtranslate/readme.txt
[!] Title: qTranslate 2.5.34 - Setting Manipulation CSRF
Reference: https://wpvulndb.com/vulnerabilities/6846
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3251
Reference: https://secunia.com/advisories/53126/
Reference: http://osvdb.org/show/osvdb/93873
[+] Name: revslider
| Location: http://www.stuccoweb.com/wp-content/plugins/revslider/
[!] We could not determine a version so all vulnerabilities are printed out
[!] Title: WordPress Slider Revolution Local File Disclosure
Reference: https://wpvulndb.com/vulnerabilities/7540
Reference: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
Reference: http://marketblog.envato.com/general/affected-themes/
Reference: http://packetstormsecurity.com/files/129761/
Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1579
Reference: http://osvdb.org/show/osvdb/109645
Reference: https://www.exploit-db.com/exploits/34511/
Reference: https://www.exploit-db.com/exploits/36039/
[i] Fixed in: 4.1.5
[!] Title: WordPress Slider Revolution Shell Upload
Reference: https://wpvulndb.com/vulnerabilities/7954
Reference: https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/
Reference: http://osvdb.org/show/osvdb/115118
Reference: https://www.rapid7.com/db/modules/exploit/unix/webapp/wp_revslider_upload_execute
Reference: https://www.exploit-db.com/exploits/35385/
[i] Fixed in: 3.0.96
[+] Finished: Fri Jul 3 08:34:28 2015
[+] Requests Done: 176
[+] Memory used: 21.914 MB
[+] Elapsed time: 00:01:39