498 matches found
WordPress 4.9.x < 4.9.17 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - An XML External Entity (XXE) vulnerability exists in the media library affecting PHP 8. - A data exposure vulnerability exists in the REST API. Note that the scanner has not...
Magento Log File Detected
Magento log files have been detected on the target web application. These files may contain sensitive information about application and server configuration, logins and passwords, or confidential customer data. No source data...
Security.txt File Detected
A Security.txt file has been detected on the target. When security risks in web services are discovered by independent security researchers, this file defines the channels to disclose them properly. As a result, security issues may be disclosed by 3rd party researchers securely in a manner define...
Security.txt File Not Detected
A Security.txt file has not been detected on the target. When security risks in web services are discovered by independent security researchers, this file defines the channels to disclose them properly & enables 3rd party researchers to disclose issues securely in a manner defined by the...
Duplicator Plugin for WordPress Installation File Detected
WordPress Duplicator Plugin files have been detected on the target WordPress installation. This may present an attacker with sensitive information to mount further attacks. No source data...
API Versions Detected
The scanner may have been able to detect several versions of the API for one or more endpoints. No source data...
WordPress Plugins Sensitive Files Detected
WordPress Plugins sensitive files have been detected on the target WordPress installation. This may present an attacker with sensitive information to mount further attacks, such as keys, credentials, internal host names, database tables & SQL queries, security logs, full path disclosures,...
Oracle WebLogic 10.3.6.0.0 / 12.1.3.0.0 / 12.2.1.3.0 Remote Code Execution
A vulnerability in Oracle WebLogic Server 10.3.6.0.0, 12.1.3.0.0 & 12.2.1.3.0 allows an unauthenticated attacker with HTTP access to the service to obtain arbitrary code execution due to insecure deserialization. Oracle offers the associated patches on its site to fix the vulnerability. No...
DOM Elements Excluded
Some DOM elements matched one or more entries in the DOM Exclusion list and therefore were excluded from interactions. No source data...
Drupal 7.x < 7.75 Remote Code Execution
According to its self-reported version, the instance of Drupal running on the remote web server is 7.0.x prior to 7.75, 8.8.x prior to 8.8.12, 8.9.x prior to 8.9.10 or 9.0.x prior to 9.0.9. It is, therefore, affected by a remote code execution vulnerability due to the PEAR ArchiveTar library used by Drupal. No...
PHP 7.3.x < 7.3.24 Multiple Vulnerabilities
According to its self-reported version number, the version of PHP running on the remote web server is 7.3.x prior to 7.3.24 or 7.4.x prior to 7.4.12. It is, therefore, affected by multiple vulnerabilities. Note that the scanner has not tested for these issues but has instead relied only on the...
Flash File Detected
An Adobe Flash file has been detected on this URL. Flash will be EOL on December 31, 2020. No source data...
API Detected
The scan detected that some XHR requests seem to call an API. The scanner generated an OpenAPI file based on the observed requests and attached it to the plugin output. This OpenAPI file can then be used to run a scan against the API with WAS API Scanning. No source data...
OpenAPI File Detected
An OpenAPI configuration file has been detected and is available as an attachment below. OpenAPI is a specification that helps with documentation and consumption of REST APIs and may also be used to configure API scanning. No source data...
Server-Side Template Injection
Web applications often rely on template engines to manage the dynamic generation of the HTML pages presented to their users. A Server-Side Template Injection (SSTI) vulnerability exists when an application embeds unsafe user-controlled inputs in its templates and then evaluates them. By injecting a...
WordPress User Enumeration
In a default WordPress installation, there are several methods to enumerate author usernames. These WordPress users can then be used in brute-force attacks against the WordPress login page to guess passwords. No source data...
URI Blocked Due to Exclusion Rule
Requests to the URI were blocked due to a matching Exclusion rule. No source data...
OpenAPI Import Success
OpenAPI file was successfully imported and can be used during the scan. No source data...
OpenAPI Import Failed
OpenAPI file could not be imported and cannot be used during the scan. No source data...
Magento Mass Importer Unauthenticated Access
Magento Mass Importer (Magmi) is a Magento database client used to perform raw bulk operations on the models of the online store. The purpose of this software is to help Magento website administrators manage their catalog through a dedicated web interface. By directly accessing the Magmi URL wi...