See: -http://everythingmormon.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.everythingmormon.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : (active1) -http://www.everythingmormon.com/wp-includes/js/jquery/jquery.js?ver=1.11.3
(active) - the library was also found to be active by running code
1 vulnerable library detected
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
wordpress-seo 1.7.4 latest release (3.0.7) Update required
https://yoast.com/wordpress/plugins/seo/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.
Warning User Enumeration is possible User: admin Login: admin
Re: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.everythingmormon.com%2Fwp-includes%2Fjs%2Fwp-embed.min.js%3Fver%3D4.4.2 landing here: Results from scanning URL: -//edge.quantserve.com/quant.js
Number of sources found: 6
Number of sinks found: 2 which could come blocked uBlock₀ has prevented the following page from loading:
-http://edge.quantserve.com/quant.js
Because of the following filter
-||edge.quantserve.com^
Found in: hpHosts’ Ad and tracking servers • MVPS HOSTS
I also see an insecure log-in here: http://www.everythingmormon.com/wp-login.php?redirect_to=http%3A%2F%2Fwww.everythingmormon.com%2Fwp-admin%2F&reauth=1
Insecure login (1)
Password will be transmited in clear to http://www.everythingmormon.com/wp-login.php
57% of the trackers on this site could be protecting you from NSA snooping. Tell everythingmormon.com to fix it.
pol