Membership level: Free member
Enumerate Wordpress Users (wpscan --url https://khealth.com/ --enumerate u --random-user-agent --force --max-scan-duration 60)
URL: https://khealth.com/ [2606:4700::6812:7c1]
Started: Sun Jan 12 06:44:26 2025

Interesting Finding(s):

Headers
 | Interesting Entries:
 |  - content-security-policy-report-only: default-src 'self'; script-src 'self' https://cdn.levelaccess.net/accessjs/YW1wMTMzNTA/access.js https://cdn.segment.com/analytics.js/v1/4Y6iYCZHd2D5xVGYpxGVLMkEmstys7eH/analytics.min.js https://js-agent.newrelic.com/nr-rum-1.277.0.min.js https://script.hotjar.com/modules.675199526fcb21f102e5.js https://static.hotjar.com/c/hotjar-2358264.js https://static.khealth.com/globalPrivacyControl.js https://static.legitscript.com/seals/9571275.js; style-src 'self'; object-src 'none'; base-uri 'self'; img-src 'self' data: https://static.legitscript.com; font-src 'self'; connect-src 'self' https://cdn.levelaccess.net https://api.segment.io https://bam.nr-data.net https://cdn.segment.com; frame-src 'none'; manifest-src 'self'; media-src 'self'; worker-src 'self'; report-uri https://67614c66cfdd640ab319b959.endpoint.csper.io?builder=true&v=2;
 |  - x-pantheon-styx-hostname: styx-fe2-a-669845b445-j2n5m
 |  - x-styx-req-id: d70a6fc3-d0f2-11ef-8567-e6e38c88f5d1
 |  - x-served-by: cache-chi-kigq8000124-CHI, cache-lax-kwhp1940088-LAX
 |  - x-cache-hits: 8, 0
 |  - x-timer: S1736693063.978803,VS0,VE61
 |  - via: 1.1 varnish, 1.1 varnish
 |  - CF-Cache-Status: DYNAMIC
 |  - Server: cloudflare
 |  - CF-RAY: 900dec9b5c6d2b83-LAX
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

robots.txt found: https://khealth.com/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

WordPress readme found: https://khealth.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

The external WP-Cron seems to be enabled: https://khealth.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

WordPress version 6.6.2 identified (Outdated, released on 2024-09-10).
 | Found By: Rss Generator (Aggressive Detection)
 |  - https://khealth.com/feed/, <generator>https://wordpress.org/?v=6.6.2</generator>
 |  - https://khealth.com/comments/feed/, <generator>https://wordpress.org/?v=6.6.2</generator>

WordPress theme in use: khealth
 | Location: https://khealth.com/wp-content/themes/khealth/
 | Style URL: https://khealth.com/wp-content/themes/khealth/style.css
 | Style Name: K Health
 | Style URI: https://pixelperfect.lt/
 | Author: Pixelperfect.lt
 | Author URI: https://pixelperfect.lt/
 |
 | Found By: Urls In Homepage (Passive Detection)
 | Confirmed By: Urls In 404 Page (Passive Detection)
 |
 | Version: 1 (80% confidence)
 | Found By: Style (Passive Detection)
 |  - https://khealth.com/wp-content/themes/khealth/style.css, Match: 'Version:      1'

Enumerating Users (via Passive and Aggressive Methods)

 Brute Forcing Author IDs -: |=================================================|

 User(s) Identified:

Allon Bloch and Ran Shaul
 | Found By: Rss Generator (Aggressive Detection)

K Health
 | Found By: Rss Generator (Aggressive Detection)

Holli Hill
 | Found By: Rss Generator (Aggressive Detection)

Robynn Lowe
 | Found By: Rss Generator (Aggressive Detection)

Craig Sorkin, DNP, APN
 | Found By: Rss Generator (Aggressive Detection)

Jennifer Nadel, MD
 | Found By: Rss Generator (Aggressive Detection)

Irmanie Hemphill, MD, FAAFP
 | Found By: Rss Generator (Aggressive Detection)

 No WPScan API Token given, as a result vulnerability data has not been output.
 You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

Finished: Sun Jan 12 06:45:09 2025
Requests Done: 54
Cached Requests: 8
Data Sent: 21.343 KB
Data Received: 2.57 MB
Memory used: 179.285 MB
Elapsed time: 00:00:43
Color Scheme
Target
khealth.com
Scan method
Enumerate Wordpress Users
Run command
wpscan --url https://khealth.com/ --enumerate u --random-user-agent --force --max-scan-duration 60
Scan time
43s
Quick report
Order full scan ($19/one time)
Scan date
12 Jan 2025 09:45
Copy scan report
Download report
Remove scan result
$
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration: