marcoberri · August 17, 2016 15:42
diff --git a/wpscan.log b/wpscan.log
 root@kali:/usr/share/wordlists# wpscan --url www.<site>.com --enumerate u
 _______________________________________________________________
        __          _______   _____                  
        \ \        / /  __ \ / ____|                 
         \ \  /\  / /| |__) | (___   ___  __ _ _ __  
          \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \ 
           \  /\  /  | |     ____) | (__| (_| | | | |
            \/  \/   |_|    |_____/ \___|\__,_|_| |_|

        WordPress Security Scanner by the WPScan Team 
                       Version 2.9.1
          Sponsored by Sucuri - https://sucuri.net
   @_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
 _______________________________________________________________

 [+] URL: http://www.<site>.com/
 [+] Started: Wed Aug 17 10:53:20 2016

 [+] robots.txt available under: 'http://www.<site>.com/robots.txt'
 [+] Interesting entry from robots.txt: *
 [+] Interesting entry from robots.txt: http://www.<site>.com/$
 [+] Interesting entry from robots.txt: http://www.<site>.com/page/*/$
 [+] Interesting entry from robots.txt: http://www.<site>.com/wp-content/sitemaps/sitemap-news.xml
 [+] Interesting header: SERVER: Apache/2.2.22 (Debian)
 [+] Interesting header: X-POWERED-BY: PHP/5.4.39-0+deb7u1
 [+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)

 [i] WordPress version can not be detected

 [+] Enumerating plugins from passive detection ...

 [+] Name: contact-form-7
 |  Latest version: 4.4.2 
 |  Location: http://www.<site>.com/wp-content/plugins/contact-form-7/

 [!] We could not determine a version so all vulnerabilities are printed out

 [!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
    Reference: https://wpvulndb.com/vulnerabilities/7020
    Reference: http://www.securityfocus.com/bid/66381/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
 [i] Fixed in: 3.7.2

 [!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
    Reference: https://wpvulndb.com/vulnerabilities/7022
    Reference: http://packetstormsecurity.com/files/124154/
 [i] Fixed in: 3.5.3

 [+] Name: dynamic-cookie-blocker
 |  Location: http://www.<site>.com/wp-content/plugins/dynamic-cookie-blocker/

 [+] Name: simple-share-buttons-adder
 |  Latest version: 6.1.5 
 |  Location: http://www.<site>.com/wp-content/plugins/simple-share-buttons-adder/

 [!] We could not determine a version so all vulnerabilities are printed out

 [!] Title: Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF
    Reference: https://wpvulndb.com/vulnerabilities/6045
    Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
    Reference: http://packetstormsecurity.com/files/127238/
    Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4717
    Reference: https://www.exploit-db.com/exploits/33896/
 [i] Fixed in: 4.5

 [!] Title: Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness
    Reference: https://wpvulndb.com/vulnerabilities/6046
    Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
    Reference: http://packetstormsecurity.com/files/127238/
    Reference: https://www.exploit-db.com/exploits/33896/
 [i] Fixed in: 4.5

 [!] Title: Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
    Reference: https://wpvulndb.com/vulnerabilities/8021
    Reference: https://wordpress.org/plugins/simple-share-buttons-adder/
 [i] Fixed in: 6.0.1

 [+] Name: w3-total-cache - v0.9.4.1
 |  Latest version: 0.9.4.1 (up to date)
 |  Location: http://www.<site>.com/wp-content/plugins/w3-total-cache/
 |  Readme: http://www.<site>.com/wp-content/plugins/w3-total-cache/readme.txt
 |  Changelog: http://www.<site>.com/wp-content/plugins/w3-total-cache/changelog.txt

 [+] Enumerating usernames ...
 [+] Identified the following 8 user/s:
    +----+---------------------+----------------+
    | Id | Login               | Name           |
    +----+---------------------+----------------+
    | 1  | username1           |                |
    | 2  | username2           |                |
    | 5  | username3           |                |
    | 6  | username4           |                |
    +----+---------------------+----------------+

 [+] Finished: Wed Aug 17 10:56:47 2016
 [+] Requests Done: 77
 [+] Memory used: 38.652 MB
 [+] Elapsed time: 00:03:27
	root@kali:/usr/share/wordlists# wpscan --url www.<site>.com --enumerate u
	_______________________________________________________________
	__ _______ _____
	\ \ / / __ \ / ____\|
	\ \ /\ / /\| \|__) \| (___ ___ __ _ _ __
	\ \/ \/ / \| ___/ \___ \ / __\|/ _` \| '_ \
	\ /\ / \| \| ____) \| (__\| (_\| \| \| \| \|
	\/ \/ \|_\| \|_____/ \___\|\__,_\|_\| \|_\|

	WordPress Security Scanner by the WPScan Team
	Version 2.9.1
	Sponsored by Sucuri - https://sucuri.net
	@_WPScan_, @ethicalhack3r, @erwan_lr, pvdl, @_FireFart_
	_______________________________________________________________

	[+] URL: http://www.<site>.com/
	[+] Started: Wed Aug 17 10:53:20 2016

	[+] robots.txt available under: 'http://www.<site>.com/robots.txt'
	[+] Interesting entry from robots.txt: *
	[+] Interesting entry from robots.txt: http://www.<site>.com/$
	[+] Interesting entry from robots.txt: http://www.<site>.com/page/*/$
	[+] Interesting entry from robots.txt: http://www.<site>.com/wp-content/sitemaps/sitemap-news.xml
	[+] Interesting header: SERVER: Apache/2.2.22 (Debian)
	[+] Interesting header: X-POWERED-BY: PHP/5.4.39-0+deb7u1
	[+] This site seems to be a multisite (http://codex.wordpress.org/Glossary#Multisite)

	[i] WordPress version can not be detected

	[+] Enumerating plugins from passive detection ...

	[+] Name: contact-form-7
	\| Latest version: 4.4.2
	\| Location: http://www.<site>.com/wp-content/plugins/contact-form-7/

	[!] We could not determine a version so all vulnerabilities are printed out

	[!] Title: Contact Form 7 <= 3.7.1 - Security Bypass Vulnerability
	Reference: https://wpvulndb.com/vulnerabilities/7020
	Reference: http://www.securityfocus.com/bid/66381/
	Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2265
	[i] Fixed in: 3.7.2

	[!] Title: Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution
	Reference: https://wpvulndb.com/vulnerabilities/7022
	Reference: http://packetstormsecurity.com/files/124154/
	[i] Fixed in: 3.5.3

	[+] Name: dynamic-cookie-blocker
	\| Location: http://www.<site>.com/wp-content/plugins/dynamic-cookie-blocker/

	[+] Name: simple-share-buttons-adder
	\| Latest version: 6.1.5
	\| Location: http://www.<site>.com/wp-content/plugins/simple-share-buttons-adder/

	[!] We could not determine a version so all vulnerabilities are printed out

	[!] Title: Simple Share Buttons Adder 4.4 - options-general.php Multiple Admin Actions CSRF
	Reference: https://wpvulndb.com/vulnerabilities/6045
	Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
	Reference: http://packetstormsecurity.com/files/127238/
	Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4717
	Reference: https://www.exploit-db.com/exploits/33896/
	[i] Fixed in: 4.5

	[!] Title: Simple Share Buttons Adder 4.4 - options-general.php ssba_share_text Parameter Stored XSS Weakness
	Reference: https://wpvulndb.com/vulnerabilities/6046
	Reference: https://security.dxw.com/advisories/csrf-and-stored-xss-in-simple-share-buttons-adder/
	Reference: http://packetstormsecurity.com/files/127238/
	Reference: https://www.exploit-db.com/exploits/33896/
	[i] Fixed in: 4.5

	[!] Title: Simple Share Buttons Adder <= 6.0.0 - Reflected Cross-Site Scripting (XSS)
	Reference: https://wpvulndb.com/vulnerabilities/8021
	Reference: https://wordpress.org/plugins/simple-share-buttons-adder/
	[i] Fixed in: 6.0.1

	[+] Name: w3-total-cache - v0.9.4.1
	\| Latest version: 0.9.4.1 (up to date)
	\| Location: http://www.<site>.com/wp-content/plugins/w3-total-cache/
	\| Readme: http://www.<site>.com/wp-content/plugins/w3-total-cache/readme.txt
	\| Changelog: http://www.<site>.com/wp-content/plugins/w3-total-cache/changelog.txt

	[+] Enumerating usernames ...
	[+] Identified the following 8 user/s:
	+----+---------------------+----------------+
	\| Id \| Login \| Name \|
	+----+---------------------+----------------+
	\| 1 \| username1 \| \|
	\| 2 \| username2 \| \|
	\| 5 \| username3 \| \|
	\| 6 \| username4 \| \|
	+----+---------------------+----------------+

	[+] Finished: Wed Aug 17 10:56:47 2016
	[+] Requests Done: 77
	[+] Memory used: 38.652 MB
	[+] Elapsed time: 00:03:27