HTTP/1.1 301 Moved Permanently
Server: nginx/1.14.2
Date: Fri, 04 Apr 2025 23:11:52 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://5.75.158.112/

Vulnerabilities

443 / tcp

1298995250 | 2025-04-05T01:00:30.173279

Hashes

hash

652108221

http.dom_hash

891954659

http.favicon.hash

-796949743

http.html_hash

1298995250

http.robots_hash

-209976333

http.server_hash

390592471

http.title_hash

1591131862

Willhelm Grill - Der smarteste Holzkohlegrill mit Appsteuerung

HTTP/1.1 200 OK
Server: nginx/1.14.2
Date: Sat, 05 Apr 2025 01:00:28 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
x-frame-options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Link: <https://www.willhelmgrill.com/wp-json/>; rel="https://api.w.org/"
Link: <https://www.willhelmgrill.com/>; rel=shortlink

SSL Certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:bd:f1:f4:e3:9c:36:50:e6:68:c9:bd:3b:46:29:03:ac:30
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, O=Let's Encrypt, CN=R11
        Validity
            Not Before: Mar 10 08:48:36 2025 GMT
            Not After : Jun  8 08:48:35 2025 GMT
        Subject: CN=*.willhelmgrill.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e1:96:06:7f:30:8e:36:41:61:e5:2c:16:cc:cc:
                    c1:93:64:64:3f:f5:e0:0a:37:52:a2:51:e7:2a:26:
                    fa:9b:58:45:be:e2:fc:da:d9:b9:f0:68:60:c3:6d:
                    96:5d:3b:41:c2:47:53:04:c0:f7:ee:f0:44:88:b2:
                    b1:9a:67:d5:a4:01:a2:94:55:fe:07:3d:97:ad:70:
                    09:4e:4e:9b:e1:eb:35:56:d7:04:22:b1:94:43:4e:
                    1a:b8:ab:90:da:65:80:f2:97:20:48:9d:99:d4:ff:
                    0b:91:27:a6:e2:d5:e1:1e:58:e7:8f:bb:47:b3:52:
                    2b:20:02:e1:85:79:4d:dd:25:c2:76:0d:b5:76:f4:
                    eb:ec:ab:26:4c:5a:a8:34:dd:ef:e1:e0:a4:c2:15:
                    75:59:d4:b5:e1:0e:72:f7:1c:b4:1a:aa:a7:33:12:
                    11:95:ed:a1:d8:a2:1b:41:34:ff:ff:ed:73:53:56:
                    7c:4a:2b:25:5a:62:11:e3:da:b8:99:62:e5:e3:88:
                    33:ca:e5:94:0b:b2:94:da:d3:8d:79:1e:9d:dd:91:
                    b9:7b:ab:02:6d:17:d5:c8:4b:6b:c1:89:75:be:69:
                    cc:5c:23:2b:ef:6c:42:b3:09:c8:10:eb:35:29:90:
                    bc:37:03:41:29:f2:07:b1:b7:79:3d:43:2c:f5:d0:
                    64:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication, TLS Web Client Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Key Identifier: 
                42:02:66:DA:77:CD:A5:B3:C7:05:87:93:DA:7C:A2:68:B4:89:12:EB
            X509v3 Authority Key Identifier: 
                C5:CF:46:A4:EA:F4:C3:C0:7A:6C:95:C4:2D:B0:5E:92:2F:26:E3:B9
            Authority Information Access: 
                OCSP - URI:http://r11.o.lencr.org
                CA Issuers - URI:http://r11.i.lencr.org/
            X509v3 Subject Alternative Name: 
                DNS:*.willhelmgrill.com, DNS:willhelmgrill.com
            X509v3 Certificate Policies: 
                Policy: 2.23.140.1.2.1
            CT Precertificate SCTs: 
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : A2:E3:0A:E4:45:EF:BD:AD:9B:7E:38:ED:47:67:77:53:
                                D7:82:5B:84:94:D7:2B:5E:1B:2C:C4:B9:50:A4:47:E7
                    Timestamp : Mar 10 09:47:06.967 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:F0:2F:2F:50:87:8E:97:6B:FA:65:A2:
                                CB:9F:2D:6A:CF:5F:1E:26:EA:B2:71:F0:79:B5:79:D9:
                                C3:CC:A8:8D:6C:02:21:00:B8:15:80:38:85:6C:B0:BD:
                                85:6C:79:48:EC:DA:E1:56:84:99:C7:74:AE:7B:A3:B8:
                                54:81:CD:19:FD:A8:6D:A5
                Signed Certificate Timestamp:
                    Version   : v1 (0x0)
                    Log ID    : 13:4A:DF:1A:B5:98:42:09:78:0C:6F:EF:4C:7A:91:A4:
                                16:B7:23:49:CE:58:57:6A:DF:AE:DA:A7:C2:AB:E0:22
                    Timestamp : Mar 10 09:47:07.364 2025 GMT
                    Extensions: none
                    Signature : ecdsa-with-SHA256
                                30:46:02:21:00:D0:DC:C2:E8:3A:1B:5E:85:ED:9F:4E:
                                CA:8D:56:0F:52:15:C8:63:F2:CC:36:83:54:0F:7E:4F:
                                77:A7:B5:B8:A5:02:21:00:EB:80:DC:65:1A:51:80:1E:
                                70:7D:51:5E:A0:51:E8:35:B0:32:E6:E3:77:43:8C:97:
                                61:AF:14:7A:77:C0:5E:FA
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        44:b2:a1:6f:de:4d:56:52:48:a8:0c:e7:1b:25:39:e4:e2:f5:
        bd:d5:97:de:56:b0:83:81:a7:3e:7a:c4:2a:97:25:9e:f7:12:
        5d:01:e1:48:ea:9c:a6:de:11:32:4b:b6:d0:fa:81:ae:23:67:
        ff:26:71:87:dd:66:53:f6:71:61:4e:82:ba:da:f1:f0:ad:99:
        69:0d:1c:6e:f7:dd:80:f5:32:74:89:37:13:68:87:48:f6:60:
        e6:5f:a0:9d:4f:a8:a0:2a:a5:da:60:7c:39:e6:4f:ee:3e:6c:
        da:9b:1e:11:34:15:65:0a:94:55:d3:cd:85:06:ca:aa:0f:68:
        1b:23:77:ff:5f:f3:77:8f:01:b6:18:d2:e9:92:6d:c2:72:1c:
        dd:89:bd:4f:c1:8c:e2:c0:62:ca:2b:f5:db:3f:3e:f2:7a:1b:
        15:9c:d7:6d:28:21:7d:91:a4:f7:31:af:a7:f6:b2:a8:13:9d:
        12:fa:71:08:60:8d:60:1d:3a:bd:fb:33:9d:49:2c:93:6f:20:
        e1:f7:19:0c:b6:8a:d7:73:2a:61:64:70:d1:90:84:84:9e:3b:
        d6:c3:92:11:3e:1c:5e:a7:c1:1e:af:a9:e0:1b:17:3d:6e:77:
        25:8a:9f:e4:a3:20:74:4d:61:12:07:32:3a:33:f6:d4:ec:24:
        f1:9d:58:23

Vulnerabilities

Vulnerabilities

Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.

2024(1)

CVE-2024-9944

5.3The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions.

2023(2)

CVE-2023-52222

4.3Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.

CVE-2023-44487

7.5The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

2022(2)

CVE-2022-2099

4.8The WooCommerce WordPress plugin before 6.6.0 is vulnerable to stored HTML injection due to lack of escaping and sanitizing in the payment gateway titles

CVE-2022-0775

4.3The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment

2021(3)

CVE-2021-24323

4.8When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled

CVE-2021-23017

7.7A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory overwrite, resulting in worker process crash or potential other impact.

CVE-2021-3618

7.4ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

2020(1)

CVE-2020-29156

5.3The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbitrary orders via the order_id parameter in a fetch_order_status action.

2019(6)

CVE-2019-20891

8.8WooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.

CVE-2019-20372

5.3NGINX before 1.17.7, with certain error_page configurations, allows HTTP request smuggling, as demonstrated by the ability of an attacker to read unauthorized web pages in environments where NGINX is being fronted by a load balancer.

CVE-2019-9516

7.5Some HTTP/2 implementations are vulnerable to a header leak, potentially leading to a denial of service. The attacker sends a stream of headers with a 0-length header name and 0-length header value, optionally Huffman encoded into 1-byte or greater headers. Some implementations allocate memory for these headers and keep the allocation alive until the session dies. This can consume excess memory.

CVE-2019-9513

7.5Some HTTP/2 implementations are vulnerable to resource loops, potentially leading to a denial of service. The attacker creates multiple request streams and continually shuffles the priority of the streams in a way that causes substantial churn to the priority tree. This can consume excess CPU.

CVE-2019-9511

7.5Some HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service. The attacker requests a large amount of data from a specified resource over multiple streams. They manipulate window size and stream priority to force the server to queue the data in 1-byte chunks. Depending on how efficiently this data is queued, this can consume excess CPU, memory, or both.

CVE-2019-9168

6.1WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.

2018(2)

CVE-2018-20714

8.1The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.

CVE-2018-16845

8.2nginx before versions 1.15.6, 1.14.1 has a vulnerability in the ngx_http_mp4_module, which might allow an attacker to cause infinite loop in a worker process, cause a worker process crash, or might result in worker process memory disclosure by using a specially crafted mp4 file. The issue only affects nginx if it is built with the ngx_http_mp4_module (the module is not built by default) and the .mp4. directive is used in the configuration file. Further, the attack is only possible if an attacker is able to trigger processing of a specially crafted mp4 file with the ngx_http_mp4_module.

2017(1)

CVE-2017-18356

8.8In the Automattic WooCommerce plugin before 3.2.4 for WordPress, an attack is possible after gaining access to the target site with a user account that has at least Shop manager privileges. The attacker then constructs a specifically crafted string that will turn into a PHP object injection involving the includes/shortcodes/class-wc-shortcode-products.php WC_Shortcode_Products::get_products() use of cached queries within shortcodes.

5.75.158.112

Last Seen: 2025-04-05

Tags:

GeneralInformation

WebTechnologies

OpenPorts

80 / tcp

-1426104546 | 2025-04-04T23:11:53.517322

Hashes

nginx1.14.2

443 / tcp

1298995250 | 2025-04-05T01:00:30.173279

Hashes

nginx1.14.2

Vulnerabilities

Products

Pricing

Contact Us

5.75.158.112

Last Seen: 2025-04-05

Tags:

GeneralInformation

WebTechnologies

OpenPorts

80 / tcp -1426104546 | 2025-04-04T23:11:53.517322

Hashes

nginx1.14.2

443 / tcp 1298995250 | 2025-04-05T01:00:30.173279

Hashes

nginx1.14.2

Vulnerabilities All ports Port 80 Port 443 Latest CVSS

Products

Pricing

Contact Us

80 / tcp

-1426104546 | 2025-04-04T23:11:53.517322

443 / tcp

1298995250 | 2025-04-05T01:00:30.173279

Vulnerabilities