See: -https://www.smartblockcloud.com/
Qualified as a High Risk Site.

Misconfiguration: User Enumeration The first two user ID's were tested to determine if user enumeration is possible.

Username Name
ID: 1 smartblockcloud smartblockcloud
ID: 2 not found
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. Take note that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

irectory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

Path Tested Status
/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing is tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

WordPress Version 4.9.3 Version does not appear to be latest - Update Now Wordpress - 4.9.3 7.5 WPVDB-ID:9171 WordPress <= 5.0 - PHP Object Injection via Meta Data 7.5 WPVDB-ID:9912 WordPress <= 5.2.3 - Server-Side Request Forgery (SSRF) in URL Validation 7.5 WPVDB-ID:10004 WordPress <= 5.3 - wp_kses_bad_protocol() Colon Bypass 7.5 WPVDB-ID:9230 WordPress 3.9-5.1 - Comment Cross-Site Scripting (XSS) 6.8 WPVDB-ID:9913 WordPress <= 5.2.3 - Admin Referrer Validation 6.8 WPVDB-ID:9222 WordPress 3.7-5.0 (except 4.9.9) - Authenticated Code Execution 6.5 WPVDB-ID:9100 WordPress <= 4.9.6 - Authenticated Arbitrary File Deletion 6.5 WPVDB-ID:9054 WordPress 3.7-4.9.4 - Use Safe Redirect for Login 5.8 WPVDB-ID:9053 WordPress 3.7-4.9.4 - Remove localhost Default 5.8 WPVDB-ID:9169 WordPress <= 5.0 - Authenticated File Delete 5.5 WPVDB-ID:10201 WordPress < 5.4.1 - Password Reset Tokens Failed to Be Properly Invalidated 5.5 WPVDB-ID:9973 WordPress <= 5.3 - Authenticated Improper Access Controls in REST API 5 WPVDB-ID:9909 WordPress <= 5.2.3 - Unauthenticated View Private/Draft Posts 5 WPVDB-ID:9911 WordPress <= 5.2.3 - JSON Request Cache Poisoning 5 WPVDB-ID:9174 WordPress <= 5.0 - User Activation Screen Search Engine Indexing 5 WPVDB-ID:9021 WordPress <= 4.9.4 - Application Denial of Service (DoS) (unpatched) 5 WPVDB-ID:9867 WordPress <= 5.2.2 - Cross-Site Scripting (XSS) in URL Sanitisation 4.3 WPVDB-ID:10205 WordPress < 5.4.1 - Cross-Site Scripting (XSS) in wp-object-cache 4.3 WPVDB-ID:10202 WordPress < 5.4.1 - Unauthenticated Users View Private Posts 4.3 WPVDB-ID:9910 WordPress <= 5.2.3 - Stored XSS in Style Tags 4.3 WPVDB-ID:9055 WordPress 3.7-4.9.4 - Escape Version in Generator Tag 4.3 WPVDB-ID:9173 WordPress <= 5.0 - Cross-Site Scripting (XSS) that could affect plugins 4.3 WPVDB-ID:9170 WordPress <= 5.0 - Authenticated Post Type Bypass 4 WPVDB-ID:9172 WordPress <= 5.0 - Authenticated Cross-Site Scripting (XSS) 3.5 WPVDB-ID:10203 WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in Customizer 3.5 WPVDB-ID:9908 WordPress <= 5.2.3 - Stored XSS in Customizer 3.5 WPVDB-ID:9175 WordPress <= 5.0 - File Upload to XSS on Apache Web Servers 3.5 WPVDB-ID:10206 WordPress < 5.4.1 - Authenticated Cross-Site Scripting (XSS) in File Uploads 3.5 WPVDB-ID:9976 WordPress <= 5.3 - Authenticated Stored XSS via Block Editor Content 3.5 WPVDB-ID:10207 WordPress < 5.4.1 - Stored Cross-Site Scripting (XSS) in Customizer 0 WPVDB-ID:9975 WordPress <= 5.3 - Authenticated Stored XSS via Crafte SERVER DETAILS Web Server: Apache IP Address: 95.170.72.184 -> https://www.shodan.io/host/95.170.72.184 Hosting Provider: TRANSIP-AS Amsterdam, the Netherlands, NL TransIP DNS Shared Hosting: 247 sites found Various domains on one and the same IP address creates an additional risk. Title: Smart Block Cloud #8211; Stuk gaan aan DDOS is voor pleps zonder smart block chain technology

3 issues
Issues found during a high level analysis of the target site. It is recommended that further active scanning be undertaken for a more accurate assessment.

Retirable jQuery libfraries detected:

Retire.js
jquery 1.12.4 Found in -https://www.smartblockcloud.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
Medium Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

Netcraft risk grade 1 red out of 10: https://sitereport.netcraft.com/?url=https://www.smartblockcloud.com

Advanced gtracker score = -2 here: https://webcookies.org/cookies/www.smartblockcloud.com/30724231?671312
The page loads 9 third-party JavaScript files and 14 CSS but does not employ Sub-Resource Integrity to prevent breach if a third-party CDN is compromised
Suspicious pattern detected in: -https://www.smartblockcloud.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
DOM-XSS number of sources found: 41
DOM-XSS number of sinks found: 17
related to -Results from scanning URL: -https://www.google.com/recaptcha/api.js?hl=en
Number of sources found: 0
Number of sinks found: 1
&
Results from scanning URL: -https://s1.wp.com/_static/??-eJzTLy/QTc7PK0nNK9EvyClNz8wr1i+uzCtJrMjITM/IAeKS1CJMEWP94uSizIISoOIM5/yiVL2sYh19yo1yKiotzgjISczMAxpon2traGpuYGRgYmlhmgUAFLxAeg==
Number of sources found: 40
&
Results from scanning URL: //stats.wp dot com/w.js?61
Number of sources found: 13
Number of sinks found: 3

For instance this link: -http://smartblockcloud.com/2018/01/31/stuxnet/ server created an error

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)