Security Report Summary
C
Site:
Scanned Site(s): 1
IP Address: 35.214.124.33
Report Time: 28 Sep 2020 06:03:57 UTC
Checks: Window Referrer, Window Opener, Comments, Enabled Debugging, Unsafe Functions
Warning: Please have a look at the security issues / warnings in the report.
Warnings
Comments
Comments should be removed from the public code of a web application, since they can give an attacker critical insight into the inner structure of the program. Using this information, the attacker could more easily understand how the user session is handled by JavaScript or figure out the path by which data is sent to the server.
  • /* ----------------------------------------------------------------------------------------------- Namespace--------------------------------------------------------------------------------------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* ----------------------------------------------------------------------------------------------- Cover Modals--------------------------------------------------------------------------------------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* ----------------------------------------------------------------------------------------------- Intrinsic Ratio Embeds--------------------------------------------------------------------------------------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* ----------------------------------------------------------------------------------------------- Modal Menu--------------------------------------------------------------------------------------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* ----------------------------------------------------------------------------------------------- Primary Menu--------------------------------------------------------------------------------------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* ----------------------------------------------------------------------------------------------- Toggles--------------------------------------------------------------------------------------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /** * Is the DOM ready? * * This implementation is coming from https://gomakethings.com/a-native-javascript-equivalent-of-jquerys-ready-method/ * * @param {Function} fn Callback function to run. */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* ----------------------------------------------------------------------------------------------- Helper functions--------------------------------------------------------------------------------------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* Toggle an attribute ----------------------- */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /** * Toggle a menu item on or off. * * @param {HTMLElement} target * @param {number} duration */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* * Step 4: prepare animation. * Position all the items with absolute offsets, at the same starting position. * Shouldn't result in any visual changes if done right. */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* * The double rAF is unfortunately needed, since we're toggling CSS classes, and * the only way to ensure layout completion here across browsers is to wait twice. * This just delays the start of the animation by 2 frames and is thus not an issue. */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /* * Step 5: start animation by moving everything to final position. * All the layout work has already happened, while we were preparing for the animation. * The animation now runs entirely in CSS, using cheap CSS properties (opacity and transform) * that don't trigger the layout or paint stages. */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /** * Traverses the DOM up to find elements matching the query. * * @param {HTMLElement} target * @param {string} query * @return {NodeList} parents matching query */[https://i5wed.com/wp-content/themes/twentytwenty/assets/js/index.js?ver=1.3]
  • /*! * jQuery UI Core 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/category/ui-core/ */[https://i5wed.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4]
  • /*! * jQuery UI Datepicker 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/datepicker/ */[https://i5wed.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.11.4]
  • /*! * jQuery UI Widget 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/jQuery.widget/ */[https://i5wed.com/wp-includes/js/jquery/ui/widget.min.js?ver=1.11.4]
  • /*! * jQuery UI Mouse 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/mouse/ */[https://i5wed.com/wp-includes/js/jquery/ui/mouse.min.js?ver=1.11.4]
  • /* * jQuery timepicker addon * By: Trent Richardson [http://trentrichardson.com] * Version 1.2 * Last Modified: 02/02/2013 * * Copyright 2013 Trent Richardson * You may use this project under MIT or GPL licenses. * http://trentrichardson.com/Impromptu/GPL-LICENSE.txt * http://trentrichardson.com/Impromptu/MIT-LICENSE.txt */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /*jslint evil: true, white: false, undef: false, nomen: false */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Lets not redefine timepicker, Prevent "Uncaught RangeError: Maximum call stack size exceeded" */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Extend jQueryUI, get it started with our version number */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Timepicker manager. * Use the singleton instance of this class, $.timepicker, to interact with the time picker. * Settings for (groups of) time pickers are maintained in an instance object, * allowing multiple different settings on the same page. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Override the default settings for all instances of the time picker. * @param settings object - the new settings to use as defaults (anonymous object) * @return the manager object */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Create a new Timepicker instance */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * add our sliders to the calendar */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * parse the time string from input value or _setTime */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * generate and inject html for timepicker into ui datepicker */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * This function tries to limit the ability to go outside the * min/max date range */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * when a slider moves, set the internal time... * on time change is also called when the time is updated in the text field */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * call custom onSelect. * bind to sliders slidestop, and grid click. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * update our input with the new date time.. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * remove following lines to force every changes in date picker to change the input value * Bug descriptions: when an input field has a default value, and click on the field to pop up the date picker. * If the user manually empty the value in the input field, the date picker will never change selected value. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Small abstraction to control types * We can add more, just be sure to follow the pattern: create, options, value */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * shorthand just to use timepicker.. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * extend timepicker to datepicker */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Public Utility to parse date and time */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Public utility to parse time */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Public utility to format the time * format = string format of the time * time = a {}, not a Date() for timezones * options = essentially the regional[].. amNames, pmNames, ampm */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * the bad hack :/ override datepicker so it doesnt close on select // inspired: http://stackoverflow.com/questions/1252512/jquery-datepicker-prevent-closing-picker-when-clicking-a-date/1762378#1762378 */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * second bad hack :/ override datepicker so it triggers an event when changing the input field * and does not redraw the datepicker on every selectDate event */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * third bad hack :/ override datepicker so it allows spaces and colon in the input field */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Fourth bad hack :/ override _updateAlternate function used in inline mode to init altField */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* Update any alternate field to synchronise with the main field. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Override key up event to sync manual input changes. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * override "Today" button to also grab the time. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Disable & enable the Time in the datetimepicker */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Create our own set time function */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Create new public method to set only time, callable as $().datepicker('setTime', date) */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * override setDate() to allow setting time too within Date object */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * override getDate() to allow getting time too within Date object */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * override parseDate() because UI 1.8.14 throws an error about "Extra characters" * An option in datapicker to ignore extra format characters would be nicer. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * override formatDate to set date with time to the input */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * override options setter to add time to maxDate(Time) and minDate(Time). MaxDate */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * jQuery isEmptyObject does not check hasOwnProperty - if someone has added to the object prototype, * it will return false for all objects */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * jQuery extend now ignores nulls! */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Determine by the time format if should use ampm * Returns true if should use ampm, false if not */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Converts 24 hour format into 12 hour * Returns 12 hour without leading 0 */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Splits datetime string into date ans time substrings. * Throws exception when date can't be parsed * Returns [dateString, timeString] */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Internal function to parse datetime interval * Returns: {date: Date, timeObj: Object}, where * date - parsed date without time (type Date) * timeObj = {hour: , minute: , second: , millisec: } - parsed time. Optional */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Internal function to set timezone_select to the local timezone */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Create a Singleton Insance */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /** * Get the timezone offset as string from a date object (eg '+0530' for UTC+5.5) * @param date * @return string */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /** * Calls `timepicker()` on the `startTime` and `endTime` elements, and configures them to * enforce date range limits. * n.b. The input value must be correctly formatted (reformatting is not supported) * @param Element startTime * @param Element endTime * @param obj options Options for the timepicker() call * @return jQuery */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /** * Calls `datetimepicker` on the `startTime` and `endTime` elements, and configures them to * enforce date range limits. * @param Element startTime * @param Element endTime * @param obj options Options for the `timepicker()` call. Also supports `reformat`, * a boolean value that can be used to reformat the input values to the `dateFormat`. * @param string method Can be used to specify the type of picker to be added * @return jQuery */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /** * Calls `method` on the `startTime` and `endTime` elements, and configures them to * enforce date range limits. * @param Element startTime * @param Element endTime * @param obj options Options for the `timepicker()` call. Also supports `reformat`, * a boolean value that can be used to reformat the input values to the `dateFormat`. * @param string method Can be used to specify the type of picker to be added * @return jQuery */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /** * Calls `method` on the `startTime` and `endTime` elements, and configures them to * enforce date range limits. * @param string method Can be used to specify the type of picker to be added * @param Element startTime * @param Element endTime * @param obj options Options for the `timepicker()` call. Also supports `reformat`, * a boolean value that can be used to reformat the input values to the `dateFormat`. * @return jQuery */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /** * Log error or data to the console during error or debugging * @param Object err pass any type object to log to the console during error or debugging * @return void */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /* * Keep up with the version */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
  • /*! * jQuery UI Sortable 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/sortable/ */[https://i5wed.com/wp-includes/js/jquery/ui/sortable.min.js?ver=1.11.4]
  • /** * Upload handler helper * * @param string {browse_button} browse_button ID of the pickfile * @param string {container} container ID of the wrapper * @param int {max} maximum number of file uplaods * @param string {type} */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/upload.js?ver=5.5.1]
  • /*! * sweetalert2 v6.6.4 * Released under the MIT License. */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Set hover, active and focus-states for buttons (source: http://www.sitepoint.com/javascript-generate-lighter-darker-color) */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* global MouseEvent */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Add modal + overlay to DOM */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Manipulate DOM */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Set type, text and actions on modal */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Animations */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /** * Show spinner instead of Confirm button and disable Cancel button */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function to determine if swal2 modal is shown */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function for chaining sweetAlert modals */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function for getting the index of current modal in queue */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function for inserting a modal to the queue */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function for deleting a modal from the queue */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function to close sweetAlert */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function to click 'Confirm' button */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /* * Global function to click 'Cancel' button */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /** * Show spinner instead of Confirm button and disable Cancel button */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /** * Set default params for each popup * @param {Object} userParams */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /** * Reset default params for each popup */[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/vendor/sweetalert2/dist/sweetalert2.js?ver=3.4.0]
  • /*! * jQuery UI Position 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/position/ */[https://i5wed.com/wp-includes/js/jquery/ui/position.min.js?ver=1.11.4]
  • /*! * jQuery UI Menu 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/menu/ */[https://i5wed.com/wp-includes/js/jquery/ui/menu.min.js?ver=1.11.4]
  • /*! * jQuery UI Autocomplete 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/autocomplete/ */[https://i5wed.com/wp-includes/js/jquery/ui/autocomplete.min.js?ver=1.11.4]
  • /*! * jQuery UI Slider 1.11.4 * http://jqueryui.com * * Copyright jQuery Foundation and other contributors * Released under the MIT license. * http://jquery.org/license * * http://api.jqueryui.com/slider/ */[https://i5wed.com/wp-includes/js/jquery/ui/slider.min.js?ver=1.11.4]
  • /*! This file is auto-generated */[https://i5wed.com/wp-includes/js/wp-embed.min.js?ver=5.5.1]
Enabled Debugging
JavaScript debugging functions should always be removed after the development stage, because they could expose information about the inner workings of the code. In production they are a loophole and could show a possible attacker where to find potentially exploitable vulnerabilities or interesting variables.
  • console.log( data );[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/billing-address.js?ver=5.5.1]
  • console.log(t);[https://i5wed.com/wp-includes/js/plupload/moxie.min.js?ver=1.3.5]
  • console.log(err);[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
Unsafe Functions
eval() is evil! This function and similar ones (document.write(), document.writeln(), element.innerHTML, element.outerHTML, element.insertAdjacentHTML()) should never be used in the production stage of a website, because the parsing of the executable string is often not secure and therefore often results in a cross-site scripting vulnerability. Instead of using these functions, create HTML elements by script and add them to the DOM object.
  • document.write( '<script src="https://i5wed.com/wp-includes/js/dist/vendor/wp-polyfill-fetch.min.js?ver=3.0.0"></scr' + 'ipt>' );[http://i5wed.com/event-halls-in-raanana/]
  • document.write( '<script src="https://i5wed.com/wp-includes/js/dist/vendor/wp-polyfill-node-contains.min.js?ver=3.42.0"></scr' + 'ipt>' );[http://i5wed.com/event-halls-in-raanana/]
  • document.write( '<script src="https://i5wed.com/wp-includes/js/dist/vendor/wp-polyfill-dom-rect.min.js?ver=3.42.0"></scr' + 'ipt>' );[http://i5wed.com/event-halls-in-raanana/]
  • document.write( '<script src="https://i5wed.com/wp-includes/js/dist/vendor/wp-polyfill-url.min.js?ver=3.6.4"></scr' + 'ipt>' );[http://i5wed.com/event-halls-in-raanana/]
  • document.write( '<script src="https://i5wed.com/wp-includes/js/dist/vendor/wp-polyfill-formdata.min.js?ver=3.0.12"></scr' + 'ipt>' );[http://i5wed.com/event-halls-in-raanana/]
  • document.write( '<script src="https://i5wed.com/wp-includes/js/dist/vendor/wp-polyfill-element-closest.min.js?ver=2.0.2"></scr' + 'ipt>' );[http://i5wed.com/event-halls-in-raanana/]
  • eval(attrValue);[https://i5wed.com/wp-content/plugins/wp-user-frontend/assets/js/jquery-ui-timepicker-addon.js?ver=5.5.1]
Additional Information
Link Opener
The noopener attribute, as in window.open("https://example.com/", "_blank", "noopener");, should always be added to window.open() calls that open a site in a new tab, to reduce the risk of reverse tabnabbing. Otherwise JavaScript on the new page has full control over the previously visited page, including permission to change the DOM object and possibly steal session cookies.
Link Referrer
The noreferrer attribute, as in window.open("https://example.com/", "_blank", "noreferrer");, should always be added to window.open() calls to prevent reverse tabnabbing in older browsers that do not support the noopener attribute, and to prevent phishing attacks.
Scanned URL(s)
Event Halls in Ra'anana | Events Portal 5