• This XSS vulnerability is exploitable, because input is not checked for HTML characters.

    Log in to your WordPress FTP
    Go to your SEO Friendly Images XSS directory
    Backup the seo-friendly-images.php file
    Open it for editing
    Find the “$_SERVER['REQUEST_URI']” string
    Replace it with
    htmlspecialchars( $_SERVER['REQUEST_URI'] , ENT_QUOTES )
    Save
    Check SEO Friendly Images functionality, to make sure it works as intended
    Done

    Should I do this?

    http://wordpress.org/plugins/seo-image/
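
The replacement in the steps above, shown as an added example (not the plugin's code and not part of the original post): it compares unescaped output, `ENT_COMPAT` escaping, and the `ENT_QUOTES` escaping the instructions call for. The function names, the single-quoted `href` context and the sample URI are assumptions made for illustration.

```php
<?php
// Added example. How the plugin really emits REQUEST_URI is not shown on the page;
// a single-quoted href attribute is assumed here as the output context.

// Before: the request URI is concatenated into the attribute unescaped.
function render_link_unsafe(string $uri): string {
    return "<a href='" . $uri . "'>current page</a>";
}

// ENT_COMPAT escapes & < > and double quotes but leaves single quotes alone
// (it was the default flag set before PHP 8.1).
function render_link_compat(string $uri): string {
    return "<a href='" . htmlspecialchars($uri, ENT_COMPAT) . "'>current page</a>";
}

// After: the replacement from the fix instructions, which also escapes single quotes.
function render_link_escaped(string $uri): string {
    return "<a href='" . htmlspecialchars($uri, ENT_QUOTES) . "'>current page</a>";
}

// Constructed sample: harmless markup characters standing in for untrusted input.
// On a live request this value would come from $_SERVER['REQUEST_URI'].
$sample = "/gallery/?img=1'><b>injected</b>";

foreach (['render_link_unsafe', 'render_link_compat', 'render_link_escaped'] as $fn) {
    $html = $fn($sample);

    // The template itself contributes exactly two single quotes; any extra raw
    // quote means the input closed the attribute early.
    $attribute_breakout = substr_count($html, "'") > 2;

    // A surviving raw <b> tag means the input was parsed as markup.
    $tag_injected = strpos($html, '<b>') !== false;

    printf(
        "%-20s attribute breakout: %-3s tag injected: %-3s\n  %s\n",
        $fn,
        $attribute_breakout ? 'yes' : 'no',
        $tag_injected ? 'yes' : 'no',
        $html
    );
}
```

Run it with the PHP command-line interpreter; only the `ENT_QUOTES` variant keeps the whole URI inside the attribute value.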

Viewing 1 replies (of 1 total)
  • Hi ClairvoyanceForYou,

    If our scan found this security issue on your WordPress site, then yes, you should follow the fix instructions to make sure that you patch it up so it isn’t used for malicious purposes.

    If you run into any problems, you are welcome to contact support@6scan.com and we’ll happily help you. (For security reasons, please don’t post details of your site on this public forum.) Of course, if you don’t feel comfortable fixing the problem on your own, you can also look at our automatic fix options, which will fix this (and any other) security issues on your site automatically.

    Thanks for using 6Scan!

  • The topic ‘6scan detects file that could be exploited’ is closed to new replies.