Malicious js code not flagged by AOS - gives site an all green?

Re: http://killmalware.com/plusfits.com/# http://plusfits.com
Warning: Malicious Code Detected on This Website!
Detected libraries:
jquery-migrate - 1.2.1 : http://plusfits.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.1 : (active1) http://plusfits.com/wp-includes/js/jquery/jquery.js?ver=1.11.1
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/

Re: https://sitecheck.sucuri.net/results/plusfits.com

WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.6
WordPress Version
4.1.12
Version does not appear to be latest 4.6 - update now.
(active) - the library was also found to be active by running code
2 vulnerable libraries detected

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 admin admin
2 None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Warning Directory Indexing Enabled
In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

F-Status: https://observatory.mozilla.org/analyze.html?host=plusfits.com

polonus (volunteer website security analyst and website error-hunter)

I don’t believe that the AOS is even looking for this type of thing.

That would be the web shield as far as I’m aware. What was the old Script Scanning was incorporated into the web shield.

Not malicious

https://www.virustotal.com/en/file/ee7ac54fbfc49cd80cebc0c996abfcd7f28c769ef579b8e822fce0f61f925bba/analysis/1472681033/

https://www.virustotal.com/en/file/c4cfd10ad7f5393226dfb09494b42bb6dcb6af33e8fb38254fcc7f18b2b4daaa/analysis/1472681072/

Hi dear Pondus,

But we should check this on the page: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fresources.infolinks.com%2Fjs%2Finfolinks_main.js

Websense ThreatSeeker alerts Malicious site - Has * undefined return value. "When you have a problem that can only be resolved with regular expressions, you actually have two problems" - /([^?=&]+)=([^&]*)/g and have your params be (match, key, value) info credit StackOverflow’s Alex.

Original htxp://resources.infolinks.com/js/infolinks_main.js has the “-ib.adnxs.com”-virus

But not given here: https://www.virustotal.com/en-gb/file/48053f4266e32bf38b2bc67aa3c04aa0737c3acee55818e5dcfcc6df720bbd0c/analysis/1472353740/
Anyways, it is an unauthenticated insecure script being loaded - and related to adware, should be avoided in WordPress etc.:
http://stackoverflow.com/questions/36898894/how-to-fix-page-trying-to-load-scripts-from-unauthenticated-source

found JavaScript
error: undefined function console.log
error: undefined variable location.search
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var location.search = 1;
error: line:1: ....^
info: [element] URL=127.0.0.1/undefined
info: [element] URL=-ib.adnxs dot com/getuid?%2F%2Frouter.infolinks dot com%2Fdyn%2Fan-usersync%3Fid%3D%24UID
info: [decodingLevel=1] found JavaScript
Quote from js unpack validation.

Page blocked by Dr.Web Link Checker

Dr.Web prevents you from following the advertising link to ensure your privacy. If you still want to follow this link, click the “Open incognito” button. In this case, your browser will open the link in incognito mode. If you do not want to receive such warnings, change the lock level settings of Dr.Web Link Checker.

polonus (volunteer website security analyzer and website error-hunter)

P.S. @ DavidR - When DrWeb URL Checker prevents following that link, then why AOS does not? Puzzling to me this… :smiley:

Damian
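
An added example, not part of the original posts: a static check for the kind of unauthenticated script load discussed above. It parses a page's HTML and reports external scripts that are fetched over plain HTTP or come from another host without a Subresource Integrity attribute; the page URL, hosts and markup below are constructed sample input.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ScriptAudit(HTMLParser):
    """Collects external <script src> tags that are loaded without authentication."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []  # list of (absolute_url, [issue, ...])

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        attr = dict(attrs)
        if not attr.get("src"):
            return  # inline script, nothing is fetched
        url = urljoin(self.page_url, attr["src"])  # resolves relative and //host forms
        parts = urlparse(url)
        issues = []
        if parts.scheme == "http":
            issues.append("plain-http")  # content can be rewritten in transit
        if parts.hostname != self.page_host:
            issues.append("third-party")
            if not attr.get("integrity"):
                issues.append("no-sri")  # no hash pins the file's content
        if "plain-http" in issues or "no-sri" in issues:
            self.findings.append((url, issues))

def audit_scripts(page_url, html):
    """Return the scripts on the page that load unauthenticated, with the reasons."""
    parser = ScriptAudit(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup (hypothetical hosts, placeholder integrity value).
SAMPLE_PAGE = "https://blog.example.test/"
SAMPLE_HTML = """
<script src="/wp-includes/js/jquery/jquery.js?ver=1.11.1"></script>
<script src="http://ads.example.net/js/main.js"></script>
<script src="https://cdn.example.org/lib.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script src="//cdn.example.org/widget.js" async></script>
<script>var inline = 1;</script>
"""
```

Calling `audit_scripts(SAMPLE_PAGE, SAMPLE_HTML)` reports the plain-HTTP ad script and the protocol-relative widget without an integrity hash; the same-origin jQuery file and the SRI-pinned CDN file are not reported.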

I don’t believe the AOS scans ahead/proactively like DrWeb URL Checker.

If you cast your mind back to when A V G used to scan URLs in the page you were viewing it really slowed down browsing. The complaints that generated I believed killed that function.