Get the most out of your Centmin Mod LEMP stack
Become a Member

Wordpress Wordpress 4.4.1 Security Release

Discussion in 'Blogs & CMS usage' started by eva2000, Jan 7, 2016.

  1. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    Wordpress 4.4.1 is out with security fixes for cross-site scripting vulnerability that can compromise Wordpress blog sites WordPress › WordPress 4.4.1 Security and Maintenance Release !

     
    • Informative Informative x 1
  2. eva2000

    eva2000 Administrator Staff Member

    30,162
    6,785
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,136
    Local Time:
    4:47 PM
    Nginx 1.13.x
    MariaDB 5.5
    WPScan was updated to detect this cross-site scripting vulnerability too Wordpress - How to install WPScan Vulnerability Scanner for Wordpress | Centmin Mod Community !

    Code:
    ruby wpscan.rb --url http://wordpress7.centminmod.com
    _______________________________________________________________
            __          _______   _____                 
            \ \        / /  __ \ / ____|                
             \ \  /\  / /| |__) | (___   ___  __ _ _ __ 
              \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
               \  /\  /  | |     ____) | (__| (_| | | | |
                \/  \/   |_|    |_____/ \___|\__,_|_| |_|
    
            WordPress Security Scanner by the WPScan Team
                           Version 2.9
              Sponsored by Sucuri - https://sucuri.net
       @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
    _______________________________________________________________
    
    [+] URL: http://wordpress7.centminmod.com/
    [+] Started: Wed Jan  6 21:20:54 2016
    
    [+] robots.txt available under: 'http://wordpress7.centminmod.com/robots.txt'
    [+] Interesting entry from robots.txt: http://wordpress7.centminmod.com/wp-admin/
    [+] Interesting header: LINK: <http://wordpress7.centminmod.com/wp-json/>; rel="https://api.w.org/"
    [+] Interesting header: SERVER: nginx centminmod
    [+] Interesting header: X-CACHE: HIT
    [+] Interesting header: X-CACHE-2: BYPASS
    [+] Interesting header: X-POWERED-BY: centminmod
    [+] This site has 'Must Use Plugins' (http://codex.wordpress.org/Must_Use_Plugins)
    [+] XML-RPC Interface available under: http://wordpress7.centminmod.com/xmlrpc.php
    
    [+] WordPress version 4.4.1 identified from advanced fingerprinting
    
    [+] Enumerating plugins from passive detection ...
    | 1 plugin found:
    
    [+] Name: wp-super-cache - v1.4.7
    |  Latest version: 1.4.7 (up to date)
    |  Location: http://wordpress7.centminmod.com/wp-content/plugins/wp-super-cache/
    |  Readme: http://wordpress7.centminmod.com/wp-content/plugins/wp-super-cache/readme.txt
    
    [+] Finished: Wed Jan  6 21:20:58 2016
    [+] Requests Done: 42
    [+] Memory used: 53.578 MB
    [+] Elapsed time: 00:00:03