URL: https://lms.institutpraha.cz/ [81.31.44.89] Started: Fri Mar 21 00:39:51 2025 Interesting Finding(s): Headers | Interesting Entries: | - Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.4.11 | - X-Powered-By: PHP/7.4.11 | Found By: Headers (Passive Detection) | Confidence: 100% robots.txt found: https://lms.institutpraha.cz/robots.txt | Interesting Entries: | - /wp-admin/ | - /wp-admin/admin-ajax.php | Found By: Robots Txt (Aggressive Detection) | Confidence: 100% XML-RPC seems to be enabled: https://lms.institutpraha.cz/xmlrpc.php | Found By: Link Tag (Passive Detection) | Confidence: 100% | Confirmed By: Direct Access (Aggressive Detection), 100% confidence | References: | - http://codex.wordpress.org/XML-RPC_Pingback_API | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/ | - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/ | - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/ This site has 'Must Use Plugins': https://lms.institutpraha.cz/wp-content/mu-plugins/ | Found By: Direct Access (Aggressive Detection) | Confidence: 80% | Reference: http://codex.wordpress.org/Must_Use_Plugins Upload directory has listing enabled: https://lms.institutpraha.cz/wp-content/uploads/ | Found By: Direct Access (Aggressive Detection) | Confidence: 100% The external WP-Cron seems to be enabled: https://lms.institutpraha.cz/wp-cron.php | Found By: Direct Access (Aggressive Detection) | Confidence: 60% | References: | - https://www.iplocation.net/defend-wordpress-from-ddos | - https://github.com/wpscanteam/wpscan/issues/1299 WordPress version 5.4.1 identified (Insecure, released on 2020-04-29). | Found By: Style Etag (Aggressive Detection) | - https://lms.institutpraha.cz/wp-admin/load-styles.php, Match: '5.4.1' | Confirmed By: Query Parameter In Upgrade Page (Aggressive Detection) | - https://lms.institutpraha.cz/wp-includes/css/dashicons.min.css?ver=5.4.1 | - https://lms.institutpraha.cz/wp-includes/css/buttons.min.css?ver=5.4.1 | - https://lms.institutpraha.cz/wp-admin/css/forms.min.css?ver=5.4.1 | - https://lms.institutpraha.cz/wp-admin/css/l10n.min.css?ver=5.4.1 | - https://lms.institutpraha.cz/wp-admin/css/install.min.css?ver=5.4.1 WordPress theme in use: Divi | Location: https://lms.institutpraha.cz/wp-content/themes/Divi/ | Latest Version: 4.27.4 | Last Updated: 2024-11-26T00:00:00.000Z | Readme: https://lms.institutpraha.cz/wp-content/themes/Divi/README.md | Style URL: https://lms.institutpraha.cz/wp-content/themes/Divi/style.css | Style Name: Divi | Style URI: http://www.elegantthemes.com/gallery/divi/ | Description: Smart. Flexible. Beautiful. Divi is the most powerful theme in our collection.... | Author: Elegant Themes | Author URI: http://www.elegantthemes.com | | Found By: Css Style In Homepage (Passive Detection) | Confirmed By: Css Style In 404 Page (Passive Detection) | | The version could not be determined. Enumerating Users (via Passive and Aggressive Methods) Brute Forcing Author IDs -: |=================================================| User(s) Identified: Jaroslav Vobr | Found By: Rss Generator (Passive Detection) | Confirmed By: Rss Generator (Aggressive Detection) No WPScan API Token given, as a result vulnerability data has not been output. You can get a free API token with 25 daily requests by registering at https://wpscan.com/register Finished: Fri Mar 21 00:40:26 2025 Requests Done: 61 Cached Requests: 9 Data Sent: 14.384 KB Data Received: 1.075 MB Memory used: 201.984 MB Elapsed time: 00:00:35