Another vulnerable website with WordPress CMS issues!

See: Server: Apache
X-Powered-By: PHP/5.3.29-pl0-gentoo → PHP Version: 5.3.29-pl0-gentoo (Outdated)
IP Address: 206.188.193.6
Provider: Network Solutions, LLC
Country: United States
WordPress version 1.3.6.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.

jetpack latest release (3.9.1)
http://jetpack.me
podcasting
contact-form-7 latest release (4.3.1)
http://contactform7.com/
podpress
simple-staff-list latest release (1.19)
https://wordpress.org/plugins/simple-staff-list/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible. brandon and funcadmin log-ins.

Retirable libraries: -http://richmondfumc.org/
Detected libraries:
jquery-migrate - 1.2.1 : -http://richmondfumc.org/wordpress/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
swfobject - 2.2 : -http://richmondfumc.org/wordpress/wp-includes/js/swfobject.js?ver=2.2-20120417
jquery - 1.11.3 : (active1) -http://richmondfumc.org/wordpress/wp-includes/js/jquery/jquery.js?ver=1.11.3
(active) - the library was also found to be active by running code
1 vulnerable library detected

Scripts 3 issues
Tag Result

Missing SRI hash Missing SRI hash Missing SRI hash

Site is not malicious or suspicious per se, but has insecurity and vulnerability.

Issues: http://www.dnsinspect.com/richmondfumc.org/1455900963
Found mail servers with inconsistent reverse DNS entries. You should fix them if you are using those servers to send email.

8 problems flagged here: https://mxtoolbox.com/domain/richmondfumc.org/

And consider where this scan will land: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fs0.wp.com%2Fwp-content%2Fjs%2Fdevicepx-jetpack.js%3Fver%3D201607

polonus (volunteer website security analyst and website error-hunter)