WordPress Stack Check
newhorizonnetworkfoundation.com
Results Summary
41 findings detected across newhorizonnetworkfoundation.com.
6 components identified. WordPress detected: Yes.
Severity Breakdown
Total findings detected across all components. The public summary below groups findings by vulnerability type. To see every affected component in full detail, run a free scan on your own domain at vulnify.app/tools.
Findings Overview
27 unique issues shown below, grouped from 41 total findings. When a vulnerability affects multiple components, it is listed once with the affected component count.
-
critical plugin: give has known vulnerability intelligence match
Affects 15 components
Detected version: 4.16.3 | Evidence quality: version-confirmed | Confidence score: 90 | Affected range: any to any | Patched version: true | CVE: CVE-2025-22777
CVE: CVE-2025-22777CVE-2019-13578CVE-2023-0224CVE-2025-0912CVE-2024-5932
-
high Content-Security-Policy header missing
No CSP header detected. XSS impact surface is larger.
-
medium REST API user-related routes appear discoverable from wp-json output
The wp-json response referenced user endpoints. Review whether public user enumeration should be constrained on this site.
-
medium Public readme artifact disclosed WordPress core version evidence
GET /readme.html responded with status 200 and exposed WordPress version clue 2.
-
medium WordPress installation or upgrade surfaces responded publicly
HEAD /wp-admin/install.php -> 200; HEAD /wp-admin/upgrade.php -> 200.
-
medium Public plugin readme files confirmed additional version evidence
give v4.16.3, translatepress-developer v1.7.4, translatepress-multilingual v3.2.4
-
medium Strict-Transport-Security (HSTS): missing
Ensures the browser only connects over HTTPS
-
medium Content-Security-Policy (CSP): missing
Prevents XSS and data injection attacks
-
medium X-Frame-Options: missing
Prevents clickjacking attacks
-
medium X-Content-Type-Options: missing
Prevents MIME-type sniffing
-
medium X-XSS-Protection: missing
Legacy XSS protection (modern browsers use CSP)
-
medium Referrer-Policy: missing
Controls how much referrer information is shared
-
medium Permissions-Policy: missing
Controls browser features and APIs
-
medium [REDACTED]: missing
Restricts Adobe Flash and PDF policies
-
medium Potentially sensitive paths are accessible
/admin (200, admin-surface, confidence:medium), /wp-admin (200, admin-surface, confidence:medium)
-
medium Administrative entry surfaces responded publicly
/admin (200), /wp-admin (200)
-
low WordPress component footprint detected
Detected 6 core/theme/plugin component signal(s) from public asset paths.
-
low wp-cron.php responded on the public surface
Observed wp-cron.php status 200. This endpoint is often abused for nuisance traffic or workload amplification if left unconstrained.
-
info WordPress footprint signals detected
WordPress signal count: 5. Confirm the target is a live WordPress frontend URL.
-
info Broader WordPress route coverage completed
Sampled 7 frontend route(s) plus public WordPress endpoints for deeper evidence.
7 findings are grouped in this public summary
This public page groups findings by vulnerability type to avoid exposing sensitive configuration details about newhorizonnetworkfoundation.com. To see the full breakdown including every affected component, version number, and remediation step, run a free scan on your own domain using Vulnify.
Run a Free Scan on newhorizonnetworkfoundation.comWhat the WordPress Stack Check Covers
This security profile for newhorizonnetworkfoundation.com was generated by Vulnify. The check analyzes:
- WordPress core version detection and known vulnerability lookup
- Active theme identification and security assessment
- Plugin inventory with version and CVE checks
- Security headers and hardening controls
- Exposed wp-config and sensitive file checks
- XML-RPC and REST API exposure assessment
Prioritized Actions
- highUpgrade vulnerable WordPress components
- highAdd Content-Security-Policy (CSP) header
- highAdd Strict-Transport-Security (HSTS) header
- highAdd baseline CSP
- highHarden cookies
- highRestrict sensitive paths
- highAdd edge-layer deny rules
- mediumReview REST API user exposure
- mediumRemove public WordPress version artifacts
- mediumConstrain public maintenance surfaces
- mediumAdd X-Frame-Options header
- mediumAdd X-Content-Type-Options header
- mediumAdd Referrer-Policy header
- mediumUse hardened cookie prefixes where possible
Run a Full Security Scan on newhorizonnetworkfoundation.com
Check for XSS, SQL injection, CSRF, broken authentication, and 50+ additional security tests with a complete vulnerability assessment.
About This Check
This report was generated using Vulnify's free security tools. Results reflect the configuration at the time of the check. For ongoing monitoring, detailed remediation guidance, and vulnerability scanning across 50+ security tests, create a free Vulnify account.
Last checked:
Report abuse
If this page contains sensitive data, copyright issues, or should not be public, report it.