_______________________________________________________________
         __          _______   _____
         \ \        / /  __ \ / ____|
          \ \  /\  / /| |__) | (___   ___  __ _ _ __ ®
           \ \/  \/ / |  ___/ \___ \ / __|/ _` | '_ \
            \  /\  /  | |     ____) | (__| (_| | | | |
             \/  \/   |_|    |_____/ \___|\__,_|_| |_|

         WordPress Security Scanner by the WPScan Team
                         Version 3.8.28
       Sponsored by Automattic - https://automattic.com/
       @_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
_______________________________________________________________

[+] URL: https://corporate.zooplus.com/ [18.66.196.15]
[+] Effective URL: https://corporate.zooplus.com/en/
[+] Started: Mon Jan 12 12:00:41 2026

Interesting Finding(s):

[+] Headers
 | Interesting Entries:
 |  - server: istio-envoy
 |  - x-envoy-upstream-service-time: 863
 |  - via: 1.1 ec2e016357b2a4b61d6fc1a2e7c0826a.cloudfront.net (CloudFront)
 |  - x-amz-cf-pop: MXP63-P1
 |  - x-amz-cf-id: kqXe6iohdFHkl5jwKDxOvNC9L-D8Th-DA84Kv9r4L7Qvi7DDuqaYLA==
 | Found By: Headers (Passive Detection)
 | Confidence: 100%

[+] robots.txt found: https://corporate.zooplus.com/robots.txt
 | Found By: Robots Txt (Aggressive Detection)
 | Confidence: 100%

[+] WordPress readme found: https://corporate.zooplus.com/readme.html
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 100%

[+] A backup directory has been found: https://corporate.dgmktk8sp.ext.aws.zooplus.io/wp-content/backup-db/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 70%
 | Reference: https://github.com/wpscanteam/wpscan/issues/422

[+] This site has 'Must Use Plugins': https://corporate.dgmktk8sp.ext.aws.zooplus.io/wp-content/mu-plugins/
 | Found By: Direct Access (Aggressive Detection)
 | Confidence: 80%
 | Reference: http://codex.wordpress.org/Must_Use_Plugins

[+] WordPress version 6.8.1 identified (Insecure, released on 2025-04-30).
 | Found By: Emoji Settings (Passive Detection)
 |  - https://corporate.zooplus.com/en/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=6.8.1'
 | Confirmed By: Most Common Wp Includes Query Parameter In Homepage (Passive Detection)
 |  - https://corporate.zooplus.com/wp-includes/css/dist/block-library/style.min.css?ver=6.8.1
 |
 | [!] 2 vulnerabilities identified:
 |
 | [!] Title: WP < 6.8.3 - Author+ DOM Stored XSS
 |     Fixed in: 6.8.3
 |     References:
 |      - https://wpscan.com/vulnerability/c4616b57-770f-4c40-93f8-29571c80330a
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58674
 |      - https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-cross-site-scripting-xss-vulnerability
 |      - https://wordpress.org/news/2025/09/wordpress-6-8-3-release/
 |
 | [!] Title: WP < 6.8.3 - Contributor+ Sensitive Data Disclosure
 |     Fixed in: 6.8.3
 |     References:
 |      - https://wpscan.com/vulnerability/1e2dad30-dd95-4142-903b-4d5c580eaad2
 |      - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58246
 |      - https://patchstack.com/database/wordpress/wordpress/wordpress/vulnerability/wordpress-wordpress-wordpress-6-8-2-sensitive-data-exposure-vulnerability
 |      - https://wordpress.org/news/2025/09/wordpress-6-8-3-release/

[i] The main theme could not be detected.

[+] Enumerating All Plugins (via Passive Methods)
[+] Checking Plugin Versions (via Passive and Aggressive Methods)

[i] Plugin(s) Identified:

[+] sitepress-multilingual-cms
 | Location: https://corporate.dgmktk8sp.ext.aws.zooplus.io/wp-content/plugins/sitepress-multilingual-cms/
 |
 | Found By: Meta Generator (Passive Detection)
 |
 | Version: 4.7.4 (100% confidence)
 | Found By: Meta Generator (Passive Detection)
 |  - https://corporate.zooplus.com/en/, Match: 'WPML ver:4.7.4 stt'
 | Confirmed By: Readme - Stable Tag (Aggressive Detection)
 |  - https://corporate.dgmktk8sp.ext.aws.zooplus.io/wp-content/plugins/sitepress-multilingual-cms/readme.txt

[+] wordpress-seo
 | Location: https://corporate.dgmktk8sp.ext.aws.zooplus.io/wp-content/plugins/wordpress-seo/
 | Last Updated: 2026-01-07T09:17:00.000Z
 | [!] The version is out of date, the latest version is 26.7
 |
 | Found By: Comment (Passive Detection)
 |
 | Version: 25.1 (100% confidence)
 | Found By: Comment (Passive Detection)
 |  - https://corporate.zooplus.com/en/, Match: 'optimized with the Yoast SEO plugin v25.1 -'
 | Confirmed By:
 |  Readme - Stable Tag (Aggressive Detection)
 |   - https://corporate.dgmktk8sp.ext.aws.zooplus.io/wp-content/plugins/wordpress-seo/readme.txt
 |  Readme - ChangeLog Section (Aggressive Detection)
 |   - https://corporate.dgmktk8sp.ext.aws.zooplus.io/wp-content/plugins/wordpress-seo/readme.txt

[+] Enumerating Config Backups (via Passive and Aggressive Methods)
 Checking Config Backups -: |================================================================================================================================================================================|

[i] No Config Backups Found.

[+] WPScan DB API OK
 | Plan: free
 | Requests Done (during the scan): 0
 | Requests Remaining: 1

[+] Finished: Mon Jan 12 12:01:17 2026
[+] Requests Done: 173
[+] Cached Requests: 7
[+] Data Sent: 42.858 KB
[+] Data Received: 567.479 KB
[+] Memory used: 305.34 MB
[+] Elapsed time: 00:00:35