Site Information
WordPress Version: 5.4.19 ⚠️ VULNERABLE
Theme: oceanwp (used by 81,434 domains)
Last Checked: 2026-05-28 19:22:27
HTTPS: ❌ No
Plugins (21)
| Plugin | Used By |
|---|---|
| elementor | 1,754,316 |
| elementor-pro | 1,023,436 |
| jetpack | 458,803 |
| mycred | 1,579 |
| native-lazyload | 1,448 |
| newsletter | 47,629 |
| ocean-cookie-notice | 1,193 |
| ocean-elementor-widgets | 2,723 |
| ocean-extra | 58,410 |
| ocean-footer-callout | 909 |
| ocean-modal-window | 1,739 |
| ocean-popup-login | 481 |
| ocean-sticky-header | 5,301 |
| ocean-woo-popup | 225 |
| onesignal-free-web-push-notifications | 15,912 |
| ti-woocommerce-wishlist | 10,190 |
| woo-product-table | 535 |
| woo-variation-swatches | 31,510 |
| woocommerce | 799,036 |
| wp-user-avatar-pro | 57 |
| yith-woocommerce-waiting-list | 356 |
Security Headers
F
Grade F
6 missing headers
Missing Headers:
- Strict-Transport-Security (HSTS) — Forces HTTPS connections ?
- Content-Security-Policy (CSP) — Prevents XSS attacks ?
- X-Content-Type-Options — Prevents MIME sniffing ?
- X-Frame-Options — Prevents clickjacking ?
- Referrer-Policy — Controls referrer information ?
- Permissions-Policy — Limits browser features ?
Exposed Files & Configurations
This domain has publicly accessible security-sensitive files or configurations:
- Vulnerable WordPress Version (5.4.19) — CVE-2024-4439: Unauthenticated Stored XSS. Update to 6.5.2 or later immediately.
Need help securing your WordPress site? Contact us for a professional security audit.