Re: https://sitecheck.sucuri.net/results/test2.secretlab.work blacklisted - outdated software found…PHP under 7.3.1
on CMS: User Enumeration
The first two user IDs were tested to determine if user enumeration is possible.
ID | User  | Login
1  | admin | demosap_m494xdo1
2  | admin | admin
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled, it is usually possible to enumerate all users within a WordPress installation.
Immediate threats: Security Checks for -http://test2.secretlab.work/
Vulnerabilities can be uncovered more easily
(5) Susceptible to man-in-the-middle attacks
Vulnerable to cross-site attacks
Re: https://retire.insecurity.today/#!/scan/ba605756fda631c3e70f4be2159fabb5111431a462962bd75b28f5cece806b0f
Dom-Xss: Results from scanning URL: -http://test2.secretlab.work/
Number of sources found: 13
Number of sinks found: 322
Results from scanning URL: -https://test2.secretlab.work/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js
Number of sources found: 41
Number of sinks found: 17
polonus