└─$ wpscan --url 192.168.56.105
WordPress Security Scanner by the WPScan Team
Version 3.8.22
Sponsored by Automattic - https://automattic.com/
@_WPScan_, @ethicalhack3r, @erwan_lr, @firefart
[+] URL: http://192.168.56.105/ [192.168.56.105]
[+] Started: Fri Apr 29 19:59:59 2022
Interesting Finding(s):
[+] Headers
| Interesting Entry: Server: Apache/2.4.41 (Ubuntu)
| Found By: Headers (Passive Detection)
| Confidence: 100%
[+] robots.txt found: http://192.168.56.105/robots.txt
| Interesting Entries:
| - /wp-admin/
| - /wp-admin/admin-ajax.php
| Found By: Robots Txt (Aggressive Detection)
| Confidence: 100%
[+] XML-RPC seems to be enabled: http://192.168.56.105/xmlrpc.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
| References:
| - http://codex.wordpress.org/XML-RPC_Pingback_API
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_ghost_scanner/
| - https://www.rapid7.com/db/modules/auxiliary/dos/http/wordpress_xmlrpc_dos/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_xmlrpc_login/
| - https://www.rapid7.com/db/modules/auxiliary/scanner/http/wordpress_pingback_access/
[+] WordPress readme found: http://192.168.56.105/readme.html
| Found By: Direct Access (Aggressive Detection)
| Confidence: 100%
[+] The external WP-Cron seems to be enabled: http://192.168.56.105/wp-cron.php
| Found By: Direct Access (Aggressive Detection)
| Confidence: 60%
| References:
| - https://www.iplocation.net/defend-wordpress-from-ddos
| - https://github.com/wpscanteam/wpscan/issues/1299
[+] WordPress version 5.9.3 identified (Latest, released on 2022-04-05).
| Found By: Emoji Settings (Passive Detection)
| - http://192.168.56.105/, Match: 'wp-includes\/js\/wp-emoji-release.min.js?ver=5.9.3'
| Confirmed By: Meta Generator (Passive Detection)
| - http://192.168.56.105/, Match: 'WordPress 5.9.3'
[i] The main theme could not be detected.
[+] Enumerating All Plugins (via Passive Methods)
[i] No plugins Found.
[+] Enumerating Config Backups (via Passive and Aggressive Methods)
Checking Config Backups - Time: 00:00:06 <============================================> (137 / 137) 100.00% Time: 00:00:06
[i] No Config Backups Found.
[!] No WPScan API Token given, as a result vulnerability data has not been output.
[!] You can get a free API token with 25 daily requests by registering at https://wpscan.com/register
[+] Finished: Fri Apr 29 20:00:13 2022
[+] Requests Done: 139
[+] Cached Requests: 31
[+] Data Sent: 35.625 KB
[+] Data Received: 97.695 KB
[+] Memory used: 213.641 MB
[+] Elapsed time: 00:00:13