It has been flagged here: http://killmalware.com/epinosh.com/#
WordPress: WordPress Version
3.9.11
Version does not appear to be latest 4.4.2 - update now.
WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress site's front page.
drop-cap-shortcode latest release (1.3)
http://ekakurniawan.com/
digg-digg latest release (5.3.6)
http://bufferapp.com/diggdigg
jetpack latest release (3.9.1)
http://jetpack.me
jquery-vertical-accordion-menu latest release (3.1.2)
http://www.designchemical.com/blog/index.php/wordpress-plugins/wordpress-plugin-jquery-vertical-accordion-menu-widget/
simple-pull-quote latest release (1.5)
http://www.themightymo.com/simple-pull-quote
contact-form-7 latest release (4.3.1)
http://contactform7.com/
Warning User Enumeration is possible
The first two user IDs were tested to determine if user enumeration is possible. :o
(at least you have to have access to that level to do something with such data…)
ID User Login
1 epiNosh admin
Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Possible Frontend SPOF from:
fonts.googleapis.com - Whitelist
(55%) -
s0.wp.com - Whitelist
(0%) -
40% of the trackers on this site could be protecting you from NSA snooping. Tell epinosh.com to fix it.
Unique IDs about your web browsing habits have been insecurely sent to third parties.
d33bce4dxxxxxxxxxxx7789c73199561447175587 zonehmirrors.org __cfduid
At least 5 third parties know you are on this webpage.
Google
Google
www.epinosh.com
zonehmirrors.org
www.mustbebuilt.co.uk www.mustbebuilt.co.uk
Vulnerable jQuery library:
-http://www.epinosh.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://www.epinosh.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.0 :- http://www.epinosh.com/wp-includes/js/jquery/jquery.js?ver=1.11.0
jquery.prettyPhoto - 3.1.3 : -http://www.epinosh.com/wp-content/themes/emotive/js/prettyphoto/js/jquery.prettyPhoto.js?ver=3.1.3
Info: Severity: high
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6837&cid=3
Info: Severity: high
https://github.com/scaron/prettyphoto/issues/149
https://blog.anantshri.info/forgotten_disclosure_dom_xss_prettyphoto
2 vulnerable libraries detected
linked javascript: //s1.wp.com/home.logged-out/js/modernizr.js?v=1446464239
Status code: GoogleBot returned code 302 to /
Google Chrome returned code 302 to /
polonus