1. WPScan Online
Membership level: Free member
Enumerate Wordpress Users (wpscan --url https://thepublicservicealliance.com/ --enumerate u --random-user-agent --force --max-scan-duration 60)
URL: https://thepublicservicealliance.com/ [2a09:8280:1::97:fe2e:0]
Started: Tue Sep  9 06:55:30 2025

Interesting Finding(s):

Headers
 | Interesting Entries:
 |  - server: Fly/9c84fce43 (2025-09-08)
 |  - x-fw-hash: aozsqqqo45
 |  - x-et-api-version: v1
 |  - x-et-api-origin: https://thepublicservicealliance.com
 |  - referrer-policy: no-referrer-when-downgrade
 |  - x-tec-api-root: https://thepublicservicealliance.com/wp-json/tribe/events/v1/
 |  - x-tec-api-version: v1
 |  - x-tec-api-origin: https://thepublicservicealliance.com
 |  - x-et-api-root: https://thepublicservicealliance.com/wp-json/tribe/tickets/v1/
 |  - x-fw-dynamic: TRUE
 |  - x-fw-version: 5.0.0
 |  - x-fw-server: Flywheel/5.1.0
 |  - x-cacheable: NO:Not Cacheable
 |  - fastly-restarts: 1
 |  - x-served-by: cache-ewr-kewr1740064-EWR, cache-ewr-kewr1740044-EWR
 |  - x-cache-hits: 0, 2
 |  - x-timer: S1757426126.791622,VS0,VE0
 |  - x-fw-serve: TRUE
 |  - x-fw-static: NO
 |  - x-fw-type: VISIT
 |  - via: 1.1 fly.io, 1.1 fly.io
 |  - fly-request-id: 01K4QC52XHVNPEG8FMS0EQKFFM-lax
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

This site has 'Must Use Plugins': https://thepublicservicealliance.com/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
 | Reference: http://codex.wordpress.org/Must_Use_Plugins

The external WP-Cron seems to be enabled: https://thepublicservicealliance.com/wp-cron.php
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 60%
 | References:
 |  - https://www.iplocation.net/defend-wordpress-from-ddos
 |  - https://github.com/wpscanteam/wpscan/issues/1299

WordPress version 6.8.2 identified (Latest, released on 2025-07-15).
 | Found By: Rss Generator (Passive Detection)
 |  - https://thepublicservicealliance.com/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>
 |  - https://thepublicservicealliance.com/comments/feed/, <generator>https://wordpress.org/?v=6.8.2</generator>

 No WPScan API Token given, as a result vulnerability data has not been output.
 You can get a free API token with 25 daily requests by registering at https://wpscan.com/register

Finished: Tue Sep  9 06:56:33 2025
Requests Done: 30
Cached Requests: 5
Data Sent: 9.892 KB
Data Received: 501.795 KB
Memory used: 168.551 MB
Elapsed time: 00:01:03

Scan Aborted: Max Scan Duration Reached
Color Scheme
Target
thepublicservicealliance.com
Scan method
Enumerate Wordpress Users
Run command
wpscan --url https://thepublicservicealliance.com/ --enumerate u --random-user-agent --force --max-scan-duration 60
Scan time
63s
Quick report
Order full scan ($19/one time)
Scan date
09 Sep 2025 09:56
Copy scan report
Download report
Remove scan result
$
Total scans
About 2 times
Some firewalls blocks vulnerability scanners. For get true positive results add wpscan.online IP addresses (208.76.253.232-208.76.253.239 or CIDR 208.76.253.232/29 ) to the whitelist
[scan_method]
Visibility:
Scan method:
Max Scan duration: