musclemeat.nl

Scanned Apr 5, 2026, 02:54 PM

Re-scan — Upgrade

A · Safe

Plugins Detected

Active Vulnerabilities

Outdated Plugins

Abandoned

Security Assessment

Key findings for musclemeat.nl

22 active vulnerabilityies detected across 25 plugins.
7 plugins are outdated and should be updated.
Security headers grade F — 4 important headers are missing.

WordPress

Version 6.0.11

Core installation

Active Theme

mm-theme

Up to date

Hosting Provider

Cloudflare

Infrastructure

Detected Plugins

25 total

Plugin	Version	Status	Vulnerabilities	Score
Slider, Gallery, and Carousel by MetaSlider – Image Slider, Video Slider high confidence	3.92.0→3.106.0	Outdated	mediumCVE-2025-5337 mediumCVE-2025-1203 +3 more	94
Complianz – GDPR/CCPA Cookie Consent high confidence	7.1.5→7.4.4.2	Outdated	mediumCVE-2026-2389 mediumCVE-2025-11185	92
Post Slider and Post Carousel with Post Vertical Scrolling Widget – A Responsive Post Slider high confidence	3.2.1→3.5.5	Outdated	mediumCVE-2025-4567	99
Billink – Legacy high confidence	2.5.2	Up to date	None found	92
PostNL for WooCommerce high confidence	5.9.4	Up to date	None found	100

14 vulnerabilityies found in 20 hidden plugins

Your full security report is ready

We found 25 plugins on this site. Unlock the complete analysis:

All 25 detected plugins

CVE details & patch status

Security header analysis

Exposed paths & TLS audit

DNS & email security

CT log subdomain discovery

One-time payment · Instant access · No subscription required

Security Posture

Security Headers

TLS/SSL

Exposed Paths

Email Security

Security Headers

17/100

Content-Security-Policy

No Content-Security-Policy header. Your site is more vulnerable to XSS attacks.

Strict-Transport-Security

No HSTS header. Browsers can be tricked into using insecure HTTP connections.

X-Frame-Options

No clickjacking protection. Your site can be embedded in malicious iframes.

3 more checks — unlock full report to see all

TLS/SSL Certificate

Issuer

WE1

Expires

40 days

Protocol

TLSv1.3

Wildcard

Yes

Exposed Paths & Login Security

0 exposed

No critical paths exposed. Unlock for the full breakdown.

DNS & Email Security

SPF

SPF record with hard fail (-all) — strong email authentication.

DMARC

DMARC policy is set to quarantine — good protection against spoofing.

DKIM

DKIM record found for selector "selector1". Email signatures can be verified.

Certificate Transparency

425 certificates found · 4 subdomains discovered

Infrastructure

Server Software

Server: cloudflare

X-Powered-By

X-Powered-By header is not exposed.

Web Application Firewall

Cloudflare WAF detected — provides additional protection against attacks.

WP Version Exposed

WordPress version 6.0.11 is exposed in the generator meta tag. Consider removing it.

Scan another site