WordPress vulnerability report for

View your online scan results below.

WordPress Vulnerability Report

Your WordPress website is potentially vulnerable to attack!

Scan URL: https://www.costumeswithcharacter.com/
Scan Date: Wed Jan 31 07:08:33 2018 (UTC+1)
WordPress Version: 4.9.2
Risk Factor: 0.9

Sign-up for free and view the full report

Is my site really safe?

We have a good indication that your site is safe. This means that currently your data is probably safe. It is essential that you always keep your WordPress up to date. Below we will give you more information about how to improve security and some tips to prevent future vulnerabilities. Disclaimer: Since we used automated software there could be a small chance that your site is vulnerable because we made a false negative. Also, we don't test if the passwords you use are secure so you should do that yourself. In addition, we don't provide a full overview of all vulnerabilities and we don't scan your server for server security.

What did we scan?

WPSec.com uses the advanced scanning technology of WPScanner which we combine with our own intelligent scanning algorithms. We scan for known bugs that have been indexed in our WordPress Vulnerability Database, which contains over 14000 reported vulnerabilities. Our scanner tries to identify the plugins you run and will compare their versions against the bug database. In addition, we scan for several well-known mistakes that people make when setting up their WordPress installation.

WordPress is out of date

You are running an outdated WordPress version. Please update to the latest version.

Your are running WordPress version 4.9.2. This version is an outdated version of WordPress. It is best practice to keep your WordPress installation up to date. Therefore, it is essential to update to the newest version of WordPress. Automatically update in the WordPress backend or download the newest WordPress version from the link below.

Download WordPress Update

Plugins & Themes

We have identified several plugins and themes in your WordPress installation. Always keep them up to date.

2m[+] Name: supercharger - v1.28
Installation Directory

 

2m[+] Name: contact-form-7 - v4.9.2


 

2m[+] Name: contact-form-7-datepicker - v2.6.0


 

2m[+] Name: download-manager - v2.9.64


 

2m[+] Name: et-shortcodes
Installation Directory

 

2m[+] Name: humansnotbots - v3.2


 

2m[+] Name: jetpack - v5.7.1


 

2m[+] Name: logos-showcase
Installation Directory

 

2m[+] Name: monarch
Installation Directory

Plugin Potentially Vulnerable - See Why »

2m[+] Name: oik - v3.2.3


 

2m[+] Name: ricg-responsive-images - v3.1.1


 

2m[+] Name: woocommerce - v3.3.0


 

2m[+] Name: wp-super-cache - v1.5.9


 

2m[+] Name: wordpress-seo - v6.2


 

Information Leakage

While leaking information is not a direct threat to security, it can facilitate an attacker to gain access to your systems. Therefore, it is recommended to review the following leaked info to see if it contains sensitive data.

Interesting entry from robots.txt: https://www.costumeswithcharacter.com/wp-admin/admin-ajax.php

The WordPress 'https://www.costumeswithcharacter.com/readme.html' file exists exposing a version number

Interesting header: SERVER: Apache

Interesting header: X-POWERED-BY: PHP/5.6.33

Upload directory has directory listing enabled: https://www.costumeswithcharacter.com/wp-content/uploads/

Includes directory has directory listing enabled: https://www.costumeswithcharacter.com/wp-includes/

Keep monitoring your WordPress for safety!

Create an account to get weekly security scans with email alerts.

Sign-up for free and view the full report

Free Sign-up