3 :80 wpscan
$ wpscan --url http://monitors.htb
[+] XML-RPC seems to be enabled: http://monitors.htb/xmlrpc.ph
[+] Upload directory has listing enabled: http://monitors.htb/wp-content/uploads/
[+] WordPress version 5.5.1 identified (Insecure, released on 2020-09-01).
[+] WordPress theme in use: iconic-one
| Location: http://monitors.htb/wp-content/themes/iconic-one/
| [!] The version is out of date, the latest version is 2.2
| Version: 2.1.7 (80% confidence)
[i] Plugin(s) Identified:
[+] wp-with-spritz
| Location: http://monitors.htb/wp-content/plugins/wp-with-spritz/
| Latest Version: 1.0 (up to date)
[i] User(s) Identified:
[+] admin
| Found By: Author Posts - Author Pattern (Passive Detection)
# found exploit for plugin
| https://www.exploit-db.com/exploits/44544
Last updated