Vulnerability Scan Result

Target:

https://superworks.com/bottom-performers/

Scanned target: https://superworks.com/bottom-performers/

Submitted: Feb 02, 2026 from GQ

Public Scan

Scan mode: Passive (non-intrusive)

Summary

high

Info

Low

Medium

High

Critical

Screenshot

Screenshot could not be taken.

Title:	Bottom Performers: Important Strategies To Lift Them Up
Description:	Discover effective strategies for addressing and improving the performance of bottom performers to enhance team dynamics and overall productivity.

IP Information

ip_address	15.206.226.181
country	IN
network_name	Amazon.com, Inc.
asn	AS16509

Open Ports

443/tcp

https

Apache httpd 2.4.58

Web Technologies

Software / Version	Category
Microsoft Clarity	Analytics
Facebook Pixel 2.9.256	Analytics
jQuery Migrate 3.4.1	JavaScript libraries
core-js 3.32.2	JavaScript libraries
Goober	JavaScript libraries
Google Analytics	Analytics
Google Font API	Font scripts
Apache HTTP Server 2.4.58	Web servers
jQuery 3.7.1	JavaScript libraries
MySQL	Databases
Open Graph	Miscellaneous
PHP	Programming languages
RankMath SEO	WordPress plugins, SEO
Site Kit 1.165.0	Analytics, WordPress plugins
Priority Hints	Performance
WordPress	CMS, Blogs
WP Rocket	Caching, WordPress plugins
Google Tag Manager	Tag managers
HubSpot	Marketing automation
HSTS	Security
RSS	Miscellaneous
Taboola	Advertising
Ubuntu	Operating systems

Web Application Vulnerabilities

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	Summary
CVE-2024-38476	9.8	0.01813	0.82508	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVE-2024-38474	9.8	0.00411	0.61021	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
CVE-2025-23048	9.1	0.00033	0.09088	In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.
CVE-2024-38475	9.1	0.93803	0.99856	Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2025-58098	8.3	0.00023	0.05442	Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Vulnerability description

Outdated or vulnerable software components include versions of server-side software that are no longer supported or have known, publicly disclosed vulnerabilities. Using outdated software significantly increases the attack surface of a system and may allow unauthorized access, data leaks, or service disruptions. Vulnerabilities in these components are often well-documented and actively exploited by attackers. Without security patches or vendor support, any weaknesses remain unmitigated, exposing the application to risks. In some cases, even after patching, the reported version may remain unchanged, requiring manual verification.

Risk description

The risk is that an attacker could search for an appropriate exploit (or create one himself) for any of these vulnerabilities and use it to attack the system. Since the vulnerabilities were discovered using only version-based testing, the risk level for this finding will not exceed 'high' severity. Critical risks will be assigned to vulnerabilities identified through accurate active testing methods.

Recommendation

In order to eliminate the risk of these vulnerabilities, we recommend you check the installed software version and upgrade to the latest version.

Classification

CWE	CWE-1035
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL	Method	Parameters	Evidence
https://superworks.com/bottom-performers/	GET	Headers: User-Agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.0.0 Safari/537.36	Credit Card Number: 2644536267352236

Vulnerability description

We noticed that this application does not properly prevent a person's private, personal information from being accessed by actors who either (1) are not explicitly authorized to access the information or (2) do not have the implicit consent of the person about whom the information is collected. Sensitive data targeted usually consists of emails, credit card and social security numbers.

Risk description

The risk exists that sensitive personal information within the application could be accessed by unauthorized parties. This could lead to privacy violations, identity theft, or other forms of personal or corporate harm.

Recommendation

Compartmentalize the application to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.

Evidence

URL
https://superworks.com/robots.txt

Vulnerability description

We found the robots.txt on the target server. This file instructs web crawlers what URLs and endpoints of the web application they can visit and crawl. Website administrators often misuse this file while attempting to hide some web pages from the users.

Risk description

There is no particular security risk in having a robots.txt file. However, it's important to note that adding endpoints in it should not be considered a security measure, as this file can be directly accessed and read by anyone.

Recommendation

We recommend you to manually review the entries from robots.txt and remove the ones which lead to sensitive locations in the website (ex. administration panels, configuration files, etc).

Evidence

Software / Version	Category
Microsoft Clarity	Analytics
Facebook Pixel 2.9.256	Analytics
jQuery Migrate 3.4.1	JavaScript libraries
core-js 3.32.2	JavaScript libraries
Goober	JavaScript libraries
Google Analytics	Analytics
Google Font API	Font scripts
Apache HTTP Server 2.4.58	Web servers
jQuery 3.7.1	JavaScript libraries
MySQL	Databases
Open Graph	Miscellaneous
PHP	Programming languages
RankMath SEO	WordPress plugins, SEO
Site Kit 1.165.0	Analytics, WordPress plugins
Priority Hints	Performance
WordPress	CMS, Blogs
WP Rocket	Caching, WordPress plugins
Google Tag Manager	Tag managers
HubSpot	Marketing automation
HSTS	Security
RSS	Miscellaneous
Taboola	Advertising
Ubuntu	Operating systems

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Risk description

The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.

Evidence

URL Evidence

URL	Evidence
https://superworks.com/bottom-performers/	Response headers include the HTTP Content-Security-Policy security header with the following security issues:default-src: data: URI in default-src allows the execution of unsafe scripts. script-src: ''unsafe-inline'' allows the execution of unsafe in-page scripts and event handlers. base-uri: Missing base-uri allows the injection of base tags. They can be used to set the base URL for all relative (script) URLs to an attacker controlled domain. We recommend setting it to 'none' or 'self'. default-src: https: URI in default-src allows the execution of unsafe scripts. object-src: We recommend restricting object-src to 'none'. script-src: 'unsafe-eval' allows the execution of code injected into DOM APIs such as eval(). script-src: 'self' can be problematic if you host JSONP, Angular or user uploaded files. script-src: https: URI in script-src allows the execution of unsafe scripts.

https://superworks.com/bottom-performers/

Response headers include the HTTP Content-Security-Policy security header with the following security issues:default-src: data: URI in default-src allows the execution of unsafe scripts. script-src: ''unsafe-inline'' allows the execution of unsafe in-page scripts and event handlers. base-uri: Missing base-uri allows the injection of base tags. They can be used to set the base URL for all relative (script) URLs to an attacker controlled domain. We recommend setting it to 'none' or 'self'. default-src: https: URI in default-src allows the execution of unsafe scripts. object-src: We recommend restricting object-src to 'none'. script-src: 'unsafe-eval' allows the execution of code injected into DOM APIs such as eval(). script-src: 'self' can be problematic if you host JSONP, Angular or user uploaded files. script-src: https: URI in script-src allows the execution of unsafe scripts.

Vulnerability description

We noticed that the Content-Security-Policy (CSP) header configured for the web application includes unsafe directives. The CSP header activates a protection mechanism implemented in web browsers which prevents exploitation of Cross-Site Scripting vulnerabilities (XSS) by restricting the sources from which content can be loaded or executed.

Risk description

For example, if the unsafe-inline directive is present in the CSP header, the execution of inline scripts and event handlers is allowed. This can be exploited by an attacker to execute arbitrary JavaScript code in the context of the vulnerable application.

Recommendation

Remove the unsafe values from the directives, adopt nonces or hashes for safer inclusion of inline scripts if they are needed, and explicitly define the sources from which scripts, styles, images or other resources can be loaded.

Classification

CWE	CWE-693
OWASP Top 10 - 2017
OWASP Top 10 - 2021

Evidence

URL
Missing: https://superworks.com/.well-known/security.txt

Vulnerability description

We have noticed that the server is missing the security.txt file, which is considered a good practice for web security. It provides a standardized way for security researchers and the public to report security vulnerabilities or concerns by outlining the preferred method of contact and reporting procedures.

Risk description

There is no particular risk in not having a security.txt file for your server. However, this file is important because it offers a designated channel for reporting vulnerabilities and security issues.

Recommendation

We recommend you to implement the security.txt file according to the standard, in order to allow researchers or users report any security issues they find, improving the defensive mechanisms of your server.

Infrastructure Vulnerabilities

Evidence

CVE	CVSS	EPSS Score	EPSS Percentile	CISA KEV	Summary
CVE-2024-38476	9.8	0.01813	0.82508	No	Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information disclosure, SSRF or local script execution via backend applications whose response headers are malicious or exploitable. Users are recommended to upgrade to version 2.4.60, which fixes this issue.
CVE-2024-38474	9.8	0.00411	0.61021	No	Substitution encoding issue in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows attacker to execute scripts in directories permitted by the configuration but not directly reachable by any URL or source disclosure of scripts meant to only to be executed as CGI. Users are recommended to upgrade to version 2.4.60, which fixes this issue. Some RewriteRules that capture and substitute unsafely will now fail unless rewrite flag "UnsafeAllow3F" is specified.
CVE-2025-23048	9.1	0.00033	0.09088	No	In some mod_ssl configurations on Apache HTTP Server 2.4.35 through to 2.4.63, an access control bypass by trusted clients is possible using TLS 1.3 session resumption. Configurations are affected when mod_ssl is configured for multiple virtual hosts, with each restricted to a different set of trusted client certificates (for example with a different SSLCACertificateFile/Path setting). In such a case, a client trusted to access one virtual host may be able to access another virtual host, if SSLStrictSNIVHostCheck is not enabled in either virtual host.
CVE-2024-38475	9.1	0.93803	0.99856	Yes	Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. Substitutions in server context that use a backreferences or variables as the first segment of the substitution are affected. Some unsafe RewiteRules will be broken by this change and the rewrite flag "UnsafePrefixStat" can be used to opt back in once ensuring the substitution is appropriately constrained.
CVE-2025-58098	8.3	0.00023	0.05442	No	Apache HTTP Server 2.4.65 and earlier with Server Side Includes (SSI) enabled and mod_cgid (but not mod_cgi) passes the shell-escaped query string to #exec cmd="..." directives. This issue affects Apache HTTP Server before 2.4.66. Users are recommended to upgrade to version 2.4.66, which fixes the issue.

Vulnerability description

Vulnerabilities found for Apache HTTP Server 2.4.58

Risk description

These vulnerabilities expose the affected applications to the risk of unauthorized access to confidential data and possibly to denial of service attacks. An attacker could search for an appropriate exploit (or create one) for any of these vulnerabilities and use it to attack the system. Notes: - The vulnerabilities are identified based on the server's version.; - Only the first 5 vulnerabilities with the highest risk are shown for each port.; Since the vulnerabilities were discovered using only version-based testing, the risk level for this finding will not exceed "high" severity. Critical risks will be assigned to vulnerabilities identified through accurate active testing methods.

Recommendation

We recommend you to upgrade the affected software to the latest version in order to eliminate the risks imposed by these vulnerabilities.

Evidence

Domain Queried	DNS Record Type	Description	Value
superworks.com	TXT	Text record	"MS=ms67871914"
superworks.com	TXT	Text record	"facebook-domain-verification=7vgpynkemhmoexhyn24rnagbjplqp9"
superworks.com	TXT	Text record	"google-site-verification=9LQXBbs-oyuo0h0iBD0ciJhW2i_Fglpm8IS7HnfUwR8"
superworks.com	TXT	Text record	"google-site-verification=BR3Y7Afe7jz1nhGv9fuC2nIMd28luBDJEJmECn2rN2w"

Vulnerability description

We found that the target server has no DMARC policy configured. A missing DMARC (Domain-based Message Authentication, Reporting, and Conformance) policy means that the domain is not enforcing any DMARC policies to protect against email spoofing and phishing attacks. Without DMARC, even if SPF (Sender Policy Framework) or DKIM (DomainKeys Identified Mail) are configured, there is no mechanism to tell receiving email servers how to handle messages that fail authentication. This leaves the domain vulnerable to abuse, such as email spoofing and impersonation.

Risk description

Without a DMARC policy, your domain is highly vulnerable to email spoofing, allowing attackers to impersonate your brand and send fraudulent emails that appear legitimate. This can lead to phishing attacks targeting your customers, employees, or partners, potentially resulting in stolen credentials, financial loss, or unauthorized access to sensitive systems. Additionally, repeated spoofing attempts can severely damage your brand's reputation, as recipients may lose trust in communications from your domain, associating your brand with malicious activity. The absence of DMARC also prevents you from monitoring and mitigating email-based attacks, leaving your domain exposed to ongoing abuse.

Recommendation

We recommend implementing a DMARC policy for your domain. Start by configuring a DMARC record with a policy of p=none, which will allow you to monitor email flows without impacting legitimate emails. This initial setup helps identify how emails from your domain are being processed by recipient servers. Once you’ve verified that legitimate emails are passing SPF and DKIM checks, you can gradually enforce stricter policies like p=quarantine or p=reject to protect against spoofing and phishing attacks. Additionally, include rua and ruf email addresses in the DMARC record to receive aggregate and forensic reports. These reports will provide valuable insights into authentication failures and help you detect any spoofing attempts.

Evidence

Domain Queried	DNS Record Type	Description	Value
superworks.com	A	IPv4 address	15.206.226.181
superworks.com	NS	Name server	nina.ns.cloudflare.com
superworks.com	NS	Name server	tony.ns.cloudflare.com
superworks.com	MX	Mail server	1 aspmx.l.google.com
superworks.com	MX	Mail server	10 alt3.aspmx.l.google.com
superworks.com	MX	Mail server	10 alt4.aspmx.l.google.com
superworks.com	MX	Mail server	5 alt1.aspmx.l.google.com
superworks.com	MX	Mail server	5 alt2.aspmx.l.google.com
superworks.com	SOA	Start of Authority	nina.ns.cloudflare.com. dns.cloudflare.com. 2394989479 10000 2400 604800 1800
superworks.com	TXT	Text record	"MS=ms67871914"
superworks.com	TXT	Text record	"facebook-domain-verification=7vgpynkemhmoexhyn24rnagbjplqp9"
superworks.com	TXT	Text record	"google-site-verification=9LQXBbs-oyuo0h0iBD0ciJhW2i_Fglpm8IS7HnfUwR8"
superworks.com	TXT	Text record	"google-site-verification=BR3Y7Afe7jz1nhGv9fuC2nIMd28luBDJEJmECn2rN2w"
superworks.com	SPF	Sender Policy Framework	"v=spf1 include:sender.zohoinvoice.in include:_spf.google.com -all"
superworks.com	CAA	Certificate Authority Authorization	0 issue ";"
superworks.com	CAA	Certificate Authority Authorization	0 issue "amazon.com"
superworks.com	CAA	Certificate Authority Authorization	0 issue "amazonaws.com"
superworks.com	CAA	Certificate Authority Authorization	0 issue "amazontrust.com"
superworks.com	CAA	Certificate Authority Authorization	0 issue "awstrust.com"
superworks.com	CAA	Certificate Authority Authorization	0 issue "comodoca.com"
superworks.com	CAA	Certificate Authority Authorization	0 issue "digicert.com; cansignhttpexchanges=yes"
superworks.com	CAA	Certificate Authority Authorization	0 issue "letsencrypt.org"
superworks.com	CAA	Certificate Authority Authorization	0 issue "pki.goog; cansignhttpexchanges=yes"
superworks.com	CAA	Certificate Authority Authorization	0 issue "ssl.com"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild ";"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "SomeCA.com"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "amazon.com"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "amazonaws.com"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "amazontrust.com"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "awstrust.com"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "comodoca.com"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "digicert.com; cansignhttpexchanges=yes"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "letsencrypt.org"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "pki.goog; cansignhttpexchanges=yes"
superworks.com	CAA	Certificate Authority Authorization	0 issuewild "ssl.com"

Risk description

An initial step for an attacker aiming to learn about an organization involves conducting searches on its domain names to uncover DNS records associated with the organization. This strategy aims to amass comprehensive insights into the target domain, enabling the attacker to outline the organization's external digital landscape. This gathered intelligence may subsequently serve as a foundation for launching attacks, including those based on social engineering techniques. DNS records pointing to services or servers that are no longer in use can provide an attacker with an easy entry point into the network.

Recommendation

We recommend reviewing all DNS records associated with the domain and identifying and removing unused or obsolete records.

Operating System	Accuracy
Linux 5.0 - 5.4	95%

Evidence

Software / Version	Category
WordPress	CMS, Blogs
MySQL	Databases
PHP	Programming languages
Ubuntu	Operating systems
RankMath SEO	WordPress plugins, SEO
Apache HTTP Server 2.4.58	Web servers
WP Rocket	Caching, WordPress plugins
Site Kit 1.165.0	Analytics, WordPress plugins
Google Tag Manager	Tag managers
WhatsApp Business Chat	Live chat
Priority Hints	Performance
HSTS	Security
RSS	Miscellaneous
Open Graph	Miscellaneous
jQuery Migrate 3.4.1	JavaScript libraries
jQuery	JavaScript libraries
HubSpot	Marketing automation
Google Analytics	Analytics
Facebook Pixel 2.9.256	Analytics
Taboola	Advertising
Google Font API	Font scripts

Vulnerability description

We noticed that server software and technology details are exposed, potentially aiding attackers in tailoring specific exploits against identified systems and versions.

Risk description

The risk is that an attacker could use this information to mount specific attacks against the identified software type and version.

Recommendation

We recommend you to eliminate the information which permits the identification of software platform, technology, server and operating system: HTTP server headers, HTML meta information, etc.