Site Information
WordPress Version: 5.7.15 ⚠️ VULNERABLE
Theme: donovan (used by 1,561 domains)
Last Checked: 2026-06-06 11:55:39
HTTPS: ✅ Yes
Plugins (24)
| Plugin | Used By |
|---|---|
| all-in-one-seo-pack | 92,828 |
| amazing-hover-effects | 195 |
| animate-it | 5,367 |
| call-now-button | 24,176 |
| comfortable-reading | 139 |
| contact-form-7 | 1,760,547 |
| content-views-query-and-display-post-page | 26,949 |
| dw-question-answer | 468 |
| easing-slider | 2,487 |
| jetpack-boost | 1,108 |
| js_composer | 430,098 |
| ml-slider | 80,488 |
| mystickymenu | 17,728 |
| photo-protect | 40 |
| popups | 3,237 |
| search-live | 96 |
| ts-visual-composer-extend | 875 |
| ultimate-social-media-plus | 3,751 |
| ultimate_vc_addons | 0 |
| vdz-call-back | 166 |
| wcp-openweather | 145 |
| wp-smushit | 93,071 |
| wp-syntax | 1,057 |
| wp-ui | 374 |
Security Headers
F
Grade F
6 missing headers
Missing Headers:
- Strict-Transport-Security (HSTS) — Forces HTTPS connections ?
- Content-Security-Policy (CSP) — Prevents XSS attacks ?
- X-Content-Type-Options — Prevents MIME sniffing ?
- X-Frame-Options — Prevents clickjacking ?
- Referrer-Policy — Controls referrer information ?
- Permissions-Policy — Limits browser features ?
Exposed Files & Configurations
This domain has publicly accessible security-sensitive files or configurations:
- Vulnerable WordPress Version (5.7.15) — CVE-2024-4439: Unauthenticated Stored XSS. Update to 6.5.2 or later immediately.
- User enumeration exposed — Usernames are publicly discoverable via the REST API or author archives, aiding brute-force attacks ?
Need help securing your WordPress site? Contact us for a professional security audit.