URL: https://delorentz.nl/ [2a01:7c8:f0:10d2::f8b1:74d4] Started: Thu Oct 9 05:14:08 2025 Interesting Finding(s): Headers | Interesting Entries: | - Server: nginx | - Referrer-Policy: strict-origin-when-cross-origin | - Access-Control-Allow-Methods: GET,POST | - Access-Control-Allow-Headers: Content-Type, Authorization | - Content-Security-Policy: upgrade-insecure-requests; | - Cross-Origin-Embedder-Policy: unsafe-none; report-to='default' | - Cross-Origin-Embedder-Policy-Report-Only: unsafe-none; report-to='default' | - Cross-Origin-Opener-Policy: unsafe-none | - Cross-Origin-Opener-Policy-Report-Only: unsafe-none; report-to='default' | - Cross-Origin-Resource-Policy: cross-origin | - Permissions-Policy: accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=() | Found By: Headers (Passive Detection) | Confidence: 100% robots.txt found: https://delorentz.nl/robots.txt | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% XML-RPC seems to be enabled: https://delorentz.nl/xmlrpc.php | Found By: Direct Access (Aggressive Detection) | Confidence: 100% | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ WordPress readme found: https://delorentz.nl/readme.html | Found By: Direct Access (Aggressive Detection) | Confidence: 100% This site has 'Must Use Plugins': https://delorentz.nl/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins The external WP-Cron seems to be enabled: https://delorentz.nl/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 WordPress version 6.7.2 identified (Insecure, released on 2025-02-11). | Found By: Query Parameter In Install Page (Aggressive Detection) | - https://delorentz.nl/wp-includes/css/dashicons.min.css?ver=6.7.2 | - https://delorentz.nl/wp-includes/css/buttons.min.css?ver=6.7.2 | - https://delorentz.nl/wp-admin/css/forms.min.css?ver=6.7.2 | - https://delorentz.nl/wp-admin/css/l10n.min.css?ver=6.7.2 | - https://delorentz.nl/wp-admin/css/install.min.css?ver=6.7.2 WordPress theme in use: delorentz-theme | Location: https://delorentz.nl/wp-content/themes/delorentz-theme/ | Style URL: https://delorentz.nl/wp-content/themes/delorentz-theme/style.css | | Found By: Urls In Homepage (Passive Detection) | Confirmed By: Urls In 404 Page (Passive Detection) | | The version could not be determined. Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs -: |=================================================| No Users Found. No WPScan API Token given, as a result vulnerability data has not been output. You can get a free API token with 25 daily requests by registering at https://wpscan.com/register Finished: Thu Oct 9 05:14:30 2025 Requests Done: 58 Cached Requests: 11 Data Sent: 14.674 KB Data Received: 644.036 KB Memory used: 184.5 MB Elapsed time: 00:00:22