-pw domain alert and CMS and other insecurities...

Viruses and worms
1

Re: https://urlquery.net/report/fd0a59ab-4309-47b0-b2a8-bf5c66b85a79
Word Press outdated plug-ins:

woocommerce 3.4.3	latest release (3.4.5) Update required

https://woocommerce.com/
wordpress-seo 7.8 latest release (8.1.2) Update required
https://yoa.st/1uj
wysija-newsletters 2.8.2 latest release (2.9) Update required
http://www.mailpoet.com/
contact-form-7 5.0.3 latest release (5.0.4) Update required
https://contactform7.com/

Warning User Enumeration is possible
The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 admin admin
2 None None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring.
As this will reduce the chance of automated password attackers gaining access.
However it is important to understand that if the author archives are enabled,
it is usually possible to enumerate all users within a WordPress installation.

224 security errors → https://webhint.io/scanner/d574e93b-58c7-4933-b3ca-27d0b036bdf4

2 vulnerable jQueries detected: https://retire.insecurity.today/#!/scan/0c10f34a72980270e05129dffc4ebc94a4a760fd398f2813886c2b4b8328675e
compare with SNYK’s findings: CLOSE DETAILS
ERROR

‘jQuery@1.12.4’ has 1 known vulnerability (1 medium). See ‘https://snyk.io/vuln/npm:jquery’ for more information.

-http://secpl2.secretlab.pw/

ERROR

‘jQuery UI@1.11.4’ has 1 known vulnerability (1 high). See ‘https://snyk.io/vuln/npm:jquery-ui’ for more information.

-http://secpl2.secretlab.pw/

error in code

[decodingLevel=0] found JavaScript
error: line:88: SyntaxError: invalid label:
error: line:88: ;{“@context”:“https://schema.org”,“@type”:“WebSite”,“@id”:“#website”,“url”:“http://secpl2.secretlab.pw/”,“name”:“The Guard \u2013 Security Services and Bodyguard Company WordPress Theme”,“potentialAction”:{“@type”:“SearchAction”,“target”:"http://se
error: line:88: …^
error: line:4: SyntaxError: missing = in XML attribute:
error: line:4:
error: line:4: …^
file: e120e3965713faf60db918a279fa0cfcda720638: 104716 bytes

polonus (volunteer website security analyst and website error-hunter)

2

error

-secpl2.secretlab.pw/wp-content/plugins/composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.4.1 benign
[nothing detected] (script) -secpl2.secretlab.pw/wp-content/plugins/composer/assets/js/vendors/woocommerce-add-to-cart.js?ver=5.4.1
status: (referer=secpl2.secretlab.pw/)saved 895 bytes ae9b808c87bbbf57b9f3132c41effaaa12af03ff
info: [decodingLevel=0] found JavaScript
error: undefined function window.jQuery
error: undefined variable window.jQuery(document)
error: line:1: SyntaxError: missing ; before statement:
error: line:1: var window.jQuery(document) = 1;
error: line:1: …^
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
file: ae9b808c87bbbf57b9f3132c41effaaa12af03ff: 895 bytes
file: 0a101cbe6b26678bd741857926bffbe3588aa30e: 1505 bytes
file: b97e76f5ac494a2d9c65cf37c518ecebf7bdc3e1: 1666 bytes
file: 1f2030da668162178f0f1e728632c4a6917f82dd: 1380 bytes
file: 3c8de54b2d0eb332c2e024160470f39f5065c2e9: 1504 bytes

Page has also quite some deadlinks:

##/s.w.org ##/comments/ ##/http:/ ##/.png ##/s.w.org ##/wp-includes/wlwmanifest.xml ##/wp-json/oembed/ ##/wp-content/plugins/revslider/public/assets/js/.min.js ##/wp-content/plugins/revslider/public/assets/js/themepunch.revolution.min.js ##/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.js ##/wp-content/plugins/revslider/public/assets/js/TweenLite.js ##/wp-content/plugins/revslider/public/assets/TweenLite.js ##/service/s.w.org ##/service/.png ##/service/http:/ ##/contacts/s.w.org ##/contacts/.png ##/contacts/http:/ ##/contact-forms/s.w.org ##/contact-forms/.png ##/cart/s.w.org ##/contact-forms/http:/ ##/cart/.png ##/cart/http:/ ##/service/retail-security/s.w.org ##/service/retail-security/.png ##/service/retail-security/http:/ ##/service/body-guard-vip-protection/s.w.org ##/service/body-guard-vip-protection/.png ##/service/private-investigators/.png ##/service/body-guard-vip-protection/http:/ ##/service/private-investigators/s.w.org ##/service/private-investigators/http:/ ##/service/home-security/s.w.org ##/service/home-security/.png ##/service/home-security/http:/ ##/blog/s.w.org ##/blog/.png ##/category/ ##/blog/http:/ ##/tag/ ##/auth ##/testimonial/s.w.org ##/blog/page/ ##/testimonial/.png ##/testimonial/http:/ ##/blog/blog-post-with-2-sidebars/s.w.org ##/blog/blog-post-with-2-sidebars/.png ##/blog/blog-post-with-2-sidebars/http:/ ##/blog/blog-post-with-left-sidebar/s.w.org ##/blog/blog-post-with-left-sidebar/.png ##/blog/audio-post-format/s.w.org ##/blog/blog-post-with-left-sidebar/http:/ ##/blog/audio-post-format/.png ##/blog/audio-post-format/http:/ ##/blog/a-post-without-image/s.w.org ##/blog/a-post-without-image/.png ##/blog/a-post-without-image/http:/ ##/service/cctv-installation/s.w.org ##/service/cctv-installation/.png ##/service/cctv-installation/http:/ ##/testimonial/testimonial-6/s.w.org ##/testimonial/testimonial-6/.png ##/testimonial/testimonial-6/http:/ ##/testimonial/testimonial-5/s.w.org ##/testimonial/testimonial-5/.png ##/testimonial/testimonial-4/s.w.org ##/testimonial/testimonial-5/http:/ ##/testimonial/testimonial-4/.png ##/testimonial/testimonial-3/s.w.org ##/testimonial/testimonial-3/.png ##/testimonial/testimonial-4/http:/ ##/testimonial/testimonial-3/http:/ ##/testimonial/testimonial-2/s.w.org ##/testimonial/testimonial-2/.png ##/testimonial/testimonial-2/http:/ ##/apis.google.com/ ##/assets.pinterest.com/ ##/service/wp-admin/ ##/contacts/wp-admin/ ##/contact-forms/wp-admin/ ##/cart/wp-admin/ ##/shop/s.w.org ##/shop/.png ##/shop/http:/ ##/product-category/ ##/service/retail-security/wp-admin/ ##/blog/post-with-132456-password-protected/s.w.org ##/service/body-guard-vip-protection/wp-admin/ ##/service/private-investigators/wp-admin/ ##/service/home-security/wp-admin/ ##/blog/post-with-132456-password-protected/.png ##/blog/post-with-132456-password-protected/http:/ ##/blog/template-comments/s.w.org ##/blog/template-comments/.png ##/blog/template-comments/http:/ ##/blog/gallery-post-format/s.w.org ##/blog/wp-admin/ ##/blog/gallery-post-format/.png ##/blog/gallery-post-format/http:/ ##/blog/video-post-format/s.w.org ##/blog/video-post-format/.png ##/blog/image-post-format/s.w.org ##/blog/video-post-format/http:/ ##/blog/image-post-format/.png ##/blog/image-post-format/http:/ ##/blog/link-post-format/s.w.org ##/blog/link-post-format/.png ##/blog/quote-post-format/s.w.org ##/blog/link-post-format/http:/ ##/blog/quote-post-format/.png ##/blog/quote-post-format/http:/ ##/testimonial/testimonial-1/.png ##/testimonial/testimonial-1/s.w.org ##/testimonial/testimonial-1/http:/ ##/testimonial/wp-admin/ ##/blog/blog-post-with-left-sidebar/wp-admin/ ##/blog/blog-post-with-2-sidebars/wp-admin/ ##/blog/audio-post-format/wp-admin/ ##/blog/a-post-without-image/wp-admin/ ##/service/cctv-installation/wp-admin/ ##/testimonial/testimonial-6/wp-admin/ ##/testimonial/testimonial-5/wp-admin/ ##/my-account/s.w.org ##/testimonial/testimonial-4/wp-admin/ ##/testimonial/testimonial-3/wp-admin/ ##/my-account/.png ##/my-account/http:/ ##/testimonial/testimonial-2/wp-admin/ ##/uncategorized/s.w.org ##/shop/wp-admin/ ##/blog/post-with-132456-password-protected/wp-admin/ ##/uncategorized/.png ##/uncategorized/http:/ ##/blog/template-sticky/s.w.org ##/blog/template-sticky/.png ##/blog/template-sticky/http:/ ##/blog/template-comments/wp-admin/ ##/uncategorized/hello-world/s.w.org ##/uncategorized/hello-world/.png ##/uncategorized/hello-world/http:/ ##/blog/gallery-post-format/wp-admin/ ##/blog/markup-image-alignment/s.w.org ##/blog/markup-image-alignment/.png ##/blog/markup-image-alignment/http:/ ##/blog/template-paginated/s.w.org ##/blog/template-paginated/.png ##/blog/template-paginated/http:/ ##/blog/video-post-format/wp-admin/ ##/blog/image-post-format/wp-admin/ ##/blog/quote-post-format/wp-admin/ ##/blog/link-post-format/wp-admin/ ##/testimonial/testimonial-1/wp-admin/ ##/my-account/wp-admin/ ##/uncategorized/wp-admin/ ##/blog/template-sticky/wp-admin/ ##/uncategorized/hello-world/wp-admin/ ##/blog/template-paginated/2/s.w.org ##/blog/template-paginated/2/.png ##/blog/template-paginated/2/http:/ ##/blog/template-paginated/3/s.w.org ##/blog/markup-image-alignment/wp-admin/ ##/blog/template-paginated/3/.png ##/blog/template-paginated/3/http:/ ##/blog/template-paginated/wp-admin/
Also found these files : ##xmlrpc.php 228 text/plain vchideactivationmsg_vc11=12.0 405 ##xmlrpc.php?rsd 268 text/xml vchideactivationmsg_vc11=12.0 200 /xmlrpc.php ##wp-login.php 450 text/html vchideactivationmsg_vc11=12.0 200

polonus