WPScan Vulnerability
six6out opened this issue · comments
Hey!
I use a tool for penetrating called WPScan (Kali Linux). WPScan returns 3 vulnerabilities with your WordPress site:
Title: bbPress <= 2.5.8 - Stored Cross-Site Scripting (XSS)
|     Fixed in: 2.5.9
|     References:
|      - https://wpvulndb.com/vulnerabilities/8484
|      - https://blog.sucuri.net/2016/05/security-advisory-stored-xss-bbpress-2.html
|      - https://bbpress.org/blog/2016/05/bbpress-2-5-9/
|
| [!] Title: bbPress <= 2.5.9 - Display Name & Avatar Potential Cross-Site Scripting (XSS)
|     Fixed in: 2.5.10
|     References:
|      - https://wpvulndb.com/vulnerabilities/8555
|      - https://wptavern.com/bbpress-2-5-10-patches-security-vulnerability
|      - https://bbpress.org/blog/2016/07/bbpress-2-5-10-security-release/
|      - https://plugins.trac.wordpress.org/changeset/1454184/bbpress
|
| [!] Title: bbPress <= 2.5.12 - Unauthenticated SQL Injection
|     Fixed in: 2.5.13
|     References:
|      - https://wpvulndb.com/vulnerabilities/8958
|      - https://blog.sucuri.net/2017/11/sql-injection-bbpress.html
|      - https://hackerone.com/reports/179920
Just wanted to let you know. Security is a big asset in web development and hacking has been getting good these days.
EDIT: bbPress is one of the only WordPress forum plugins. You can embed Discourse in a WordPress server instead of bbPress.
I find great potential in this project and believe it should have a good site.
Thanks,
JavaSight
Formerly lunatic-coding
Stats for both of my issues can be found in a report:
https://javasight.github.io/hackdb/hackdb/analysis/kali/bibliocraftmod/2020-04-05
This is the newest statpage as of the writing of this comment.