Site Information
WordPress Version: 6.4.3 ⚠️ VULNERABLE
Theme: phlox-pro (used by 4,809 domains)
Last Checked: 2026-07-14 03:25:05
HTTPS: ✅ Yes
Plugins (15)
| Plugin | Used By |
|---|---|
| ar-contactus | 2,881 |
| auxin-elements | 8,140 |
| auxin-portfolio | 3,524 |
| auxin-pro-tools | 4,138 |
| auxin-the-news | 412 |
| bdthemes-element-pack | 24,598 |
| contact-form-7 | 1,784,262 |
| elementor | 1,794,365 |
| elementor-pro | 1,061,434 |
| google-analytics-premium | 15,075 |
| header-footer-elementor | 211,295 |
| premium-addons-for-elementor | 86,343 |
| readabler | 2,417 |
| revslider | 619,582 |
| wpforms-lite | 128,455 |
Security Headers
B
Grade B
1 missing header
Missing Headers:
- Content-Security-Policy (CSP) — Prevents XSS attacks ?
Exposed Files & Configurations
This domain has publicly accessible security-sensitive files or configurations:
- Vulnerable WordPress Version (6.4.3) — CVE-2024-4439: Unauthenticated Stored XSS. Update to 6.5.2 or later immediately.
- User enumeration exposed — Usernames are publicly discoverable via the REST API or author archives, aiding brute-force attacks ?
Need help securing your WordPress site? Contact us for a professional security audit.