I use Hosted Scan to scan for vulnerabilities and in an OpenVAS scan today, it suggested that 3 of the 11 WordPress sites were Joomla sites and vulnerable. I can find nothing on these sites that would trigger a suggestion of Joomla at either the hosting level or in the files being hosted. Hosted Scan suggested I reach out here to find out how the scan determines the CMS and what might have triggered the scan to think a WordPress site was a Joomla site.
@rippledj I suppose the company HostedScan.com is what is meant here. They are offering a platform utilizing OpenVAS. @jmarpo I suggest to ask HostedScan for support. AFAIK People from Greenbone tried to communicate with them to understand better what they do with OpenVAS, but they did not respond. @jmarpo You may try the Greenbone Cloud Service (for free) here: https://app.greenbone.cloud/ui/extern/register/free, which offers you support when you consider becoming a customer.