wpscanteam / wpscan

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com
https://wpscan.com/wordpress-cli-scanner

Lots of false positive of 500 http status code #1525

Closed NitroCao closed 4 years ago

NitroCao commented 4 years ago

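wpscan treats responses with a 500 status code as vulnerable themes: in the scan result below, each theme entry shown was found by "Known Locations (Aggressive Detection)" with "status: 500" as its only evidence, and its "version" is null.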

Scan command:

docker run --rm -v /tmp/test_wpscan:/wpscan/.wpscan/db wpscanteam/wpscan --force --ignore-main-redirect --disable-tls-checks -f json -e vt,vp --api-token mytoken --themes-threshold 500 --url https://mysite.org

Scan result:

{
  "banner": {
    "description": "WordPress Security Scanner by the WPScan Team",
    "version": "3.8.5",
    "authors": [
      "@_WPScan_",
      "@ethicalhack3r",
      "@erwan_lr",
      "@firefart"
    ],
    "sponsor": "Sponsored by Automattic - https://automattic.com/"
  },
  "start_time": 1595921815,
  "start_memory": 39354368,
  "target_url": "https://mysite.org/",
  "target_ip": "10.xx.xx.xx",
  "effective_url": "https://mysite.org/",
  "interesting_findings": [
    {
      "url": "https://mysite.org/",
      "to_s": "Headers",
      "type": "headers",
      "found_by": "Headers (Passive Detection)",
      "confidence": 100,
      "confirmed_by": {

      },
      "references": {

      },
      "interesting_entries": [
        "Server: Apache",
        "X-Powered-By: PHP/7.2.24",
        "Access-Control-Allow-Origin: *"
      ]
    },
    {
      "url": "https://mysite.org/readme.html",
      "to_s": "WordPress readme found: https://mysite.org/readme.html",
      "type": "readme",
      "found_by": "Direct Access (Aggressive Detection)",
      "confidence": 100,
      "confirmed_by": {

      },
      "references": {

      },
      "interesting_entries": [

      ]
    },
    {
      "url": "https://mysite.org/wp-signup.php",
      "to_s": "This site seems to be a multisite",
      "type": "multisite",
      "found_by": "Direct Access (Aggressive Detection)",
      "confidence": 100,
      "confirmed_by": {

      },
      "references": {
        "url": [
          "http://codex.wordpress.org/Glossary#Multisite"
        ]
      },
      "interesting_entries": [

      ]
    },
    {
      "url": "https://mysite.org/wp-content/mu-plugins/",
      "to_s": "This site has 'Must Use Plugins': https://mysite.org/wp-content/mu-plugins/",
      "type": "mu_plugins",
      "found_by": "Direct Access (Aggressive Detection)",
      "confidence": 80,
      "confirmed_by": {

      },
      "references": {
        "url": [
          "http://codex.wordpress.org/Must_Use_Plugins"
        ]
      },
      "interesting_entries": [

      ]
    },
    {
      "url": "https://mysite.org/wp-cron.php",
      "to_s": "The external WP-Cron seems to be enabled: https://mysite.org/wp-cron.php",
      "type": "wp_cron",
      "found_by": "Direct Access (Aggressive Detection)",
      "confidence": 60,
      "confirmed_by": {

      },
      "references": {
        "url": [
          "https://www.iplocation.net/defend-wordpress-from-ddos",
          "https://github.com/wpscanteam/wpscan/issues/1299"
        ]
      },
      "interesting_entries": [

      ]
    }
  ],
  "version": {
    "number": "5.4.2",
    "release_date": "2020-06-10",
    "status": "latest",
    "found_by": "Style Etag (Aggressive Detection)",
    "confidence": 100,
    "interesting_entries": [
      "https://mysite.org/wp-admin/load-styles.php, Match: '5.4.2'"
    ],
    "confirmed_by": {
      "Query Parameter In Install Page (Aggressive Detection)": {
        "confidence": 90,
        "interesting_entries": [
          "https://mysite.org/wp-includes/css/dashicons.min.css?ver=5.4.2",
          "https://mysite.org/wp-includes/css/buttons.min.css?ver=5.4.2",
          "https://mysite.org/wp-admin/css/install.min.css?ver=5.4.2"
        ]
      }
    },
    "vulnerabilities": [

    ]
  },
  "main_theme": null,
  "plugins": {

  },
  "themes": {
    "5star": {
      "slug": "5star",
      "location": "https://mysite.org/wp-content/themes/5star/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/5star/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/5star/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "5star - Templatic Theme CSRF File Upload ",
          "fixed_in": null,
          "references": {
            "url": [
              "https://en.0day.today/exploits/22091"
            ],
            "wpvulndb": [
              "7484"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "abundance": {
      "slug": "abundance",
      "location": "https://mysite.org/wp-content/themes/abundance/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/abundance/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/abundance/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Abundance - Unspecified XSS",
          "fixed_in": null,
          "references": {
            "url": [
              "http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-wp-themes-by-kriesi.html"
            ],
            "wpvulndb": [
              "7352"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "accio": {
      "slug": "accio",
      "location": "https://mysite.org/wp-content/themes/accio/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/accio/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/accio/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "ThemeMakers Themes - Information Disclosure",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/131957/"
            ],
            "wpvulndb": [
              "8010"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "agency": {
      "slug": "agency",
      "location": "https://mysite.org/wp-content/themes/agency/",
      "latest_version": "1.2.8",
      "last_updated": "2014-09-19T00:00:00.000Z",
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/agency/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/agency/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Agency - themify-ajax.php File Upload Arbitrary Code Execution",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/124097/",
              "https://en.0day.today/exploits/22090"
            ],
            "wpvulndb": [
              "7492"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "agritourismo-theme": {
      "slug": "agritourismo-theme",
      "location": "https://mysite.org/wp-content/themes/agritourismo-theme/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/agritourismo-theme/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/agritourismo-theme/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Agritourismo - Remote File Upload ",
          "fixed_in": null,
          "references": {
            "exploitdb": [
              "29946"
            ],
            "url": [
              "https://packetstormsecurity.com/files/124232/"
            ],
            "wpvulndb": [
              "7428"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "akal": {
      "slug": "akal",
      "location": "https://mysite.org/wp-content/themes/akal/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/akal/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/akal/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Akal Theme - Reflected Cross-Site Scripting (XSS)",
          "fixed_in": null,
          "references": {
            "cve": [
              "2016-10957"
            ],
            "url": [
              "https://www.saotn.org/wordpress-advisory-akal-theme-xss-vulnerability"
            ],
            "wpvulndb": [
              "8607"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "alltuts": {
      "slug": "alltuts",
      "location": "https://mysite.org/wp-content/themes/alltuts/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/alltuts/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/alltuts/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Site5 Wordpress Themes Email Spoofing",
          "fixed_in": "2.0",
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/114750/"
            ],
            "wpvulndb": [
              "7354"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "allure-real-estate-theme-for-placester": {
      "slug": "allure-real-estate-theme-for-placester",
      "location": "https://mysite.org/wp-content/themes/allure-real-estate-theme-for-placester/",
      "latest_version": "0.1.1",
      "last_updated": "2011-08-11T00:00:00.000Z",
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/allure-real-estate-theme-for-placester/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/allure-real-estate-theme-for-placester/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "allure-real-estate-theme-for-placester <= 0.1.1 - XSS in ZeroClipboard.swf",
          "fixed_in": null,
          "references": {
            "url": [
              "https://en.0day.today/exploits/20396"
            ],
            "wpvulndb": [
              "7378"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "allure-real-estate-theme-for-real-estate": {
      "slug": "allure-real-estate-theme-for-real-estate",
      "location": "https://mysite.org/wp-content/themes/allure-real-estate-theme-for-real-estate/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/allure-real-estate-theme-for-real-estate/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/allure-real-estate-theme-for-real-estate/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "allure-real-estate-theme-for-real-estate <= 0.1.1 - XSS in ZeroClipboard.swf",
          "fixed_in": null,
          "references": {
            "url": [
              "https://en.0day.today/exploits/20396"
            ],
            "wpvulndb": [
              "7379"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "almera": {
      "slug": "almera",
      "location": "https://mysite.org/wp-content/themes/almera/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/almera/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/almera/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "ThemeMakers Themes - Information Disclosure",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/131957/"
            ],
            "wpvulndb": [
              "8010"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "ambience": {
      "slug": "ambience",
      "location": "https://mysite.org/wp-content/themes/ambience/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/ambience/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/ambience/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Ambience Theme <= 1.0 - Cross-Site Scripting (XSS)",
          "fixed_in": "1.1",
          "references": {
            "exploitdb": [
              "38568"
            ],
            "url": [
              "https://www.securityfocus.com/bid/60458/"
            ],
            "wpvulndb": [
              "7386"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "amoveo": {
      "slug": "amoveo",
      "location": "https://mysite.org/wp-content/themes/amoveo/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/amoveo/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/amoveo/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Amoveo - Arbitrary File Upload ",
          "fixed_in": null,
          "references": {
            "url": [
              "https://en.0day.today/exploits/21451"
            ],
            "wpvulndb": [
              "7413"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "amplus": {
      "slug": "amplus",
      "location": "https://mysite.org/wp-content/themes/amplus/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/amplus/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/amplus/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Amplus - CSRF ",
          "fixed_in": null,
          "references": {
            "exploitdb": [
              "29669"
            ],
            "url": [
              "https://packetstormsecurity.com/files/124041/",
              "https://en.0day.today/exploits/21535"
            ],
            "wpvulndb": [
              "7432"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "andyblue": {
      "slug": "andyblue",
      "location": "https://mysite.org/wp-content/themes/andyblue/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/andyblue/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/andyblue/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Andyblue < 20070607 - XSS",
          "fixed_in": "20070607",
          "references": {
            "cve": [
              "2007-3239"
            ],
            "url": [
              "https://cxsecurity.com/issue/WLB-2007060068",
              "https://www.securityfocus.com/bid/24490/"
            ],
            "wpvulndb": [
              "9629"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "anthology": {
      "slug": "anthology",
      "location": "https://mysite.org/wp-content/themes/anthology/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/anthology/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/anthology/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Anthology - Remote File Upload ",
          "fixed_in": null,
          "references": {
            "url": [
              "https://en.0day.today/exploits/21460"
            ],
            "wpvulndb": [
              "7412"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "antioch": {
      "slug": "antioch",
      "location": "https://mysite.org/wp-content/themes/antioch/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/antioch/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/antioch/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Antioch Theme - Arbitrary File Download",
          "fixed_in": null,
          "references": {
            "cve": [
              "2014-10397"
            ],
            "url": [
              "https://packetstormsecurity.com/files/128188/"
            ],
            "wpvulndb": [
              "8406"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "antisnews": {
      "slug": "antisnews",
      "location": "https://mysite.org/wp-content/themes/antisnews/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/antisnews/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/antisnews/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Antisnews < 1.10 - XSS",
          "fixed_in": "1.10",
          "references": {
            "cve": [
              "2011-3857"
            ],
            "wpvulndb": [
              "9641"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "appius": {
      "slug": "appius",
      "location": "https://mysite.org/wp-content/themes/appius/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/appius/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/appius/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "appius - Full Path Disclosure ",
          "fixed_in": null,
          "references": {
            "url": [
              "https://en.0day.today/exploits/20039"
            ],
            "wpvulndb": [
              "7316"
            ]
          }
        },
        {
          "title": "appius - Arbitrary File Upload ",
          "fixed_in": null,
          "references": {
            "wpvulndb": [
              "7317"
            ]
          }
        },
        {
          "title": "appius - Custom Background Shell Upload",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/125827/"
            ],
            "wpvulndb": [
              "7318"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "archin": {
      "slug": "archin",
      "location": "https://mysite.org/wp-content/themes/archin/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/archin/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/archin/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Archin 3.2 - Cross-Site Scripting & Arbitrary File Upload Vulnerabilities",
          "fixed_in": null,
          "references": {
            "wpvulndb": [
              "7371"
            ]
          }
        },
        {
          "title": "Archin 3.2 - hades_framework/option_panel/ajax.php Configuration Option Manipulation",
          "fixed_in": null,
          "references": {
            "exploitdb": [
              "21646"
            ],
            "wpvulndb": [
              "7372"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "area53": {
      "slug": "area53",
      "location": "https://mysite.org/wp-content/themes/area53/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/area53/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/area53/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "AREA53 <= 1.0.5 - File Upload Code Execution",
          "fixed_in": null,
          "references": {
            "exploitdb": [
              "29068"
            ],
            "url": [
              "https://www.securityfocus.com/bid/63306/",
              "https://en.0day.today/exploits/21442"
            ],
            "wpvulndb": [
              "7402"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "aries": {
      "slug": "aries",
      "location": "https://mysite.org/wp-content/themes/aries/",
      "latest_version": "1.0.1",
      "last_updated": "2015-05-30T00:00:00.000Z",
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/aries/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/aries/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "WordPress Slider Revolution Local File Disclosure",
          "fixed_in": null,
          "references": {
            "cve": [
              "2015-1579"
            ],
            "exploitdb": [
              "34511"
            ],
            "url": [
              "https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html",
              "https://packetstormsecurity.com/files/129761/"
            ],
            "wpvulndb": [
              "7540"
            ]
          }
        },
        {
          "title": "WordPress Slider Revolution Shell Upload",
          "fixed_in": null,
          "references": {
            "cve": [
              "2014-9735"
            ],
            "exploitdb": [
              "35385"
            ],
            "url": [
              "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/"
            ],
            "metasploit": [
              "exploit/unix/webapp/wp_revslider_upload_execute"
            ],
            "wpvulndb": [
              "7954"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "artificial-intelligence": {
      "slug": "artificial-intelligence",
      "location": "https://mysite.org/wp-content/themes/artificial-intelligence/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/artificial-intelligence/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/artificial-intelligence/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Artificial Intelligence Theme <= 1.2.3 - DOM Cross-Site Scripting (XSS)",
          "fixed_in": "1.2.4",
          "references": {
            "cve": [
              "2015-9501"
            ],
            "url": [
              "https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html",
              "https://github.com/duchenerc/artificial-intelligence/blob/53d0b1c323664876326b5bea807aac0dcb370fbd/scss/modules/genericons/example.html",
              "https://github.com/duchenerc/artificial-intelligence/commit/c70631b1f80518411df2f88476041351110c6eac"
            ],
            "wpvulndb": [
              "7994"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "atahualpa": {
      "slug": "atahualpa",
      "location": "https://mysite.org/wp-content/themes/atahualpa/",
      "latest_version": "3.7.24",
      "last_updated": "2015-05-30T00:00:00.000Z",
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/atahualpa/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/atahualpa/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Atahualpa Theme - Authenticated Cross-Site Scripting (XSS)",
          "fixed_in": null,
          "references": {
            "url": [
              "https://sumofpwn.nl/advisory/2016/cross_site_scripting_in_atahualpa_wordpress_theme.html",
              "https://seclists.org/fulldisclosure/2017/Feb/83"
            ],
            "wpvulndb": [
              "8748"
            ]
          }
        },
        {
          "title": "Atahualpa < 3.6.8 - XSS",
          "fixed_in": "3.6.8",
          "references": {
            "cve": [
              "2011-3850"
            ],
            "wpvulndb": [
              "9788"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "auberge": {
      "slug": "auberge",
      "location": "https://mysite.org/wp-content/themes/auberge/",
      "latest_version": "2.7.2",
      "last_updated": "2019-11-21T00:00:00.000Z",
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/auberge/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/auberge/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Auberge Theme <= 1.4.4 - DOM Cross-Site Scripting (XSS)",
          "fixed_in": "1.4.5",
          "references": {
            "cve": [
              "2015-9502"
            ],
            "url": [
              "https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html"
            ],
            "wpvulndb": [
              "7987"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "authentic": {
      "slug": "authentic",
      "location": "https://mysite.org/wp-content/themes/authentic/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/authentic/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/authentic/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Authentic Theme - Arbitrary File Download",
          "fixed_in": null,
          "references": {
            "url": [
              "https://cxsecurity.com/issue/WLB-2014090037",
              "https://packetstormsecurity.com/files/129706/",
              "https://www.securityfocus.com/bid/69671/"
            ],
            "wpvulndb": [
              "8408"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "Avada": {
      "slug": "Avada",
      "location": "https://mysite.org/wp-content/themes/Avada/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/Avada/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/Avada/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "WordPress Slider Revolution Local File Disclosure",
          "fixed_in": "3.4",
          "references": {
            "cve": [
              "2015-1579"
            ],
            "exploitdb": [
              "34511"
            ],
            "url": [
              "https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html",
              "https://packetstormsecurity.com/files/129761/"
            ],
            "wpvulndb": [
              "7540"
            ]
          }
        },
        {
          "title": "WordPress Slider Revolution Shell Upload",
          "fixed_in": "3.4",
          "references": {
            "cve": [
              "2014-9735"
            ],
            "exploitdb": [
              "35385"
            ],
            "url": [
              "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/"
            ],
            "metasploit": [
              "exploit/unix/webapp/wp_revslider_upload_execute"
            ],
            "wpvulndb": [
              "7954"
            ]
          }
        },
        {
          "title": "Avada Theme <= 5.1.4 - Stored Cross-Site Scripting (XSS) & CSRF ",
          "fixed_in": "5.1.5",
          "references": {
            "cve": [
              "2017-18607",
              "2017-18606"
            ],
            "url": [
              "http://wphutte.com/avada-5-1-4-stored-xss-and-csrf/",
              "http://theme-fusion.com/avada-documentation/changelog.txt",
              "https://themeforest.net/item/avada-responsive-multipurpose-theme/2833226"
            ],
            "wpvulndb": [
              "8801"
            ]
          }
        },
        {
          "title": "Avada < 6.2.3 - Missing Permission Checks leading to Arbitrary Post Creation, Edition, Deletion and Stored XSS",
          "fixed_in": "6.2.3",
          "references": {
            "url": [
              "https://blog.nintechnet.com/avada-wordpress-theme-fixed-multiple-vulnerabilities/",
              "https://theme-fusion.com/security-fix-added-in-6-2-3/"
            ],
            "wpvulndb": [
              "10209"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "avanix": {
      "slug": "avanix",
      "location": "https://mysite.org/wp-content/themes/avanix/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/avanix/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/avanix/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Imediapixel - Cross-Site Scripting (XSS)",
          "fixed_in": null,
          "references": {
            "url": [
              "http://jannefi.blogspot.fi/2012/10/xss-vulnerability-in-imediapixel.html"
            ],
            "wpvulndb": [
              "7328"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "awake": {
      "slug": "awake",
      "location": "https://mysite.org/wp-content/themes/awake/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/awake/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/awake/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Awake 3.3 - dl-skin.php _mysite_delete_skin_zip Parameter Absolute Path Traversal Remote Directory Deletion",
          "fixed_in": "2.5",
          "references": {
            "exploitdb": [
              "30443"
            ],
            "url": [
              "https://www.securityfocus.com/bid/64501/"
            ],
            "wpvulndb": [
              "7468"
            ]
          }
        },
        {
          "title": "Awake 3.3 - dl-skin.php _mysite_download_skin Parameter Absolute Path Traversal Remote File Download",
          "fixed_in": "3.4",
          "references": {
            "exploitdb": [
              "30443"
            ],
            "url": [
              "https://www.securityfocus.com/bid/64501/"
            ],
            "wpvulndb": [
              "7469"
            ]
          }
        },
        {
          "title": "WordPress Slider Revolution Local File Disclosure",
          "fixed_in": null,
          "references": {
            "cve": [
              "2015-1579"
            ],
            "exploitdb": [
              "34511"
            ],
            "url": [
              "https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html",
              "https://packetstormsecurity.com/files/129761/"
            ],
            "wpvulndb": [
              "7540"
            ]
          }
        },
        {
          "title": "WordPress Slider Revolution Shell Upload",
          "fixed_in": null,
          "references": {
            "cve": [
              "2014-9735"
            ],
            "exploitdb": [
              "35385"
            ],
            "url": [
              "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/"
            ],
            "metasploit": [
              "exploit/unix/webapp/wp_revslider_upload_execute"
            ],
            "wpvulndb": [
              "7954"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "axioma": {
      "slug": "axioma",
      "location": "https://mysite.org/wp-content/themes/axioma/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/axioma/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/axioma/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "ThemeMakers Themes - Information Disclosure",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/131957/"
            ],
            "wpvulndb": [
              "8010"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "bbe": {
      "slug": "bbe",
      "location": "https://mysite.org/wp-content/themes/bbe/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/bbe/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/bbe/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "BBE Theme < 1.53 - Direct Object Reference",
          "fixed_in": "1.53",
          "references": {
            "cve": [
              "2018-11244"
            ],
            "url": [
              "https://www.dopewp.com/version-history/"
            ],
            "wpvulndb": [
              "9087"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "beach_apollo": {
      "slug": "beach_apollo",
      "location": "https://mysite.org/wp-content/themes/beach_apollo/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/beach_apollo/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/beach_apollo/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "WordPress Slider Revolution Local File Disclosure",
          "fixed_in": null,
          "references": {
            "cve": [
              "2015-1579"
            ],
            "exploitdb": [
              "34511"
            ],
            "url": [
              "https://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html",
              "https://packetstormsecurity.com/files/129761/"
            ],
            "wpvulndb": [
              "7540"
            ]
          }
        },
        {
          "title": "WordPress Slider Revolution Shell Upload",
          "fixed_in": null,
          "references": {
            "cve": [
              "2014-9735"
            ],
            "exploitdb": [
              "35385"
            ],
            "url": [
              "https://whatisgon.wordpress.com/2014/11/30/another-revslider-vulnerability/"
            ],
            "metasploit": [
              "exploit/unix/webapp/wp_revslider_upload_execute"
            ],
            "wpvulndb": [
              "7954"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "beauty-premium": {
      "slug": "beauty-premium",
      "location": "https://mysite.org/wp-content/themes/beauty-premium/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/beauty-premium/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/beauty-premium/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Beauty & Clean Theme  1.0.8 - Arbitrary File Upload",
          "fixed_in": null,
          "references": {
            "cve": [
              "2016-10997"
            ],
            "exploitdb": [
              "39552"
            ],
            "wpvulndb": [
              "8412"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "bizco": {
      "slug": "bizco",
      "location": "https://mysite.org/wp-content/themes/bizco/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/bizco/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/bizco/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Bizco - themify-ajax.php File Upload Arbitrary Code Execution",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/124097/",
              "https://en.0day.today/exploits/22090"
            ],
            "wpvulndb": [
              "7514"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "black-letterhead": {
      "slug": "black-letterhead",
      "location": "https://mysite.org/wp-content/themes/black-letterhead/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/black-letterhead/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/black-letterhead/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Black Letterhead < 1.6 - XSS",
          "fixed_in": "1.6",
          "references": {
            "cve": [
              "2011-3865"
            ],
            "wpvulndb": [
              "9648"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "blaze": {
      "slug": "blaze",
      "location": "https://mysite.org/wp-content/themes/blaze/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/blaze/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/blaze/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Blaze - Unspecified XSS",
          "fixed_in": null,
          "references": {
            "url": [
              "http://jannefi.blogspot.fi/2012/09/xss-vulnerability-in-multiple-premium.html"
            ],
            "wpvulndb": [
              "7332"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "blessing": {
      "slug": "blessing",
      "location": "https://mysite.org/wp-content/themes/blessing/",
      "latest_version": null,
      "last_updated": null,
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/blessing/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/blessing/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "ThemeMakers Themes - Information Disclosure",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/131957/"
            ],
            "wpvulndb": [
              "8010"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    },
    "blogfolio": {
      "slug": "blogfolio",
      "location": "https://mysite.org/wp-content/themes/blogfolio/",
      "latest_version": "1.6.4.1",
      "last_updated": "2013-07-15T00:00:00.000Z",
      "outdated": false,
      "readme_url": false,
      "directory_listing": false,
      "error_log_url": null,
      "style_url": "https://mysite.org/wp-content/themes/blogfolio/style.css",
      "style_name": null,
      "style_uri": null,
      "description": null,
      "author": null,
      "author_uri": null,
      "template": null,
      "license": null,
      "license_uri": null,
      "tags": null,
      "text_domain": null,
      "found_by": "Known Locations (Aggressive Detection)",
      "confidence": 80,
      "interesting_entries": [
        "https://mysite.org/wp-content/themes/blogfolio/, status: 500"
      ],
      "confirmed_by": {

      },
      "vulnerabilities": [
        {
          "title": "Blogfolio - themify-ajax.php File Upload Arbitrary Code Execution",
          "fixed_in": null,
          "references": {
            "url": [
              "https://packetstormsecurity.com/files/124156/"
            ],
            "wpvulndb": [
              "7440"
            ]
          }
        }
      ],
      "version": null,
      "parents": [

      ]
    }
  },
  "vuln_api": {
    "plan": "free",
    "requests_done_during_scan": 342,
    "requests_remaining": 0
  },
  "stop_time": 1595922828,
  "elapsed": 1012,
  "requests_done": 1665,
  "cached_requests": 1257,
  "data_sent": 359288,
  "data_sent_humanised": "350.867 KB",
  "data_received": 2096619,
  "data_received_humanised": "1.999 MB",
  "used_memory": 249016320,
  "used_memory_humanised": "237.48 MB"
}

I tested some of the URLs, and the responses do indeed have a 500 status code.

Your environment

erwanlr commented 4 years ago

See the --exclude-content-based option to exclude those.

Also, --themes-threshold (with a default of 20) is there to warn you when too many themes are detected, which are likely false positives, and to suggest using the option mentioned above. Setting it to 500 defeats its purpose.

NitroCao commented 4 years ago

The point is that the site doesn't use these themes. In this case I know which themes need to be excluded because I increased the value of --themes-threshold, but what about other sites that are being scanned for the first time? How would I know which themes need to be excluded? Or can --exclude-content-based exclude responses with specific status codes?

erwanlr commented 4 years ago
--exclude-content-based REGEXP_OR_STRING  Exclude all responses matching the Regexp (case insensitive) during parts of the enumeration.
                                          Both the headers and body are checked. Regexp delimiters are not required.

Both the headers and body are checked

So yes, responses with a specific status code can be excluded: the status line is part of the headers, so a pattern that matches it filters those responses out.