WordPress.org

Ready to get started?Download WordPress

Forums

Acunetix WP Security
Your plugin has known vulnerabilities. (4 posts)

  1. jorgeorpinel
    Member
    Posted 4 months ago #

    Plugin ver: 4.0.3

    Its a bit ironic that a security plugin has known vulnerabilities :p

    Are you planning to fix these? Thanks, references to follow:

    a) http://xforce.iss.net/xforce/xfdb/91202 (seems more important than b)

    b) http://packetstormsecurity.com/files/125218 & http://osvdb.org/103467

    https://wordpress.org/plugins/wp-security-scan/

  2. jorgeorpinel
    Member
    Posted 4 months ago #

    It's not obvious from the description but actually a may also refer to the same as b and c, it's just less specific.

  3. jorgeorpinel
    Member
    Posted 4 months ago #

    I meant to both links of b, not "b and c". There's no c :B

  4. jorgeorpinel
    Member
    Posted 4 months ago #

    A workaround to this problem is to change the 2 following files:

    In WsdUtil.php add the following line in 238:

    wp_die(); // workaround to http://xforce.iss.net/xforce/xfdb/91202

    In box-database-backup.php change 44 to:

    <input disabled type="submit" class="button-primary" name="backupDatabaseButton" value="<?php echo __('Backup now!');?>"/>

    That will disable the functionality from the back and front ends.

Reply

You must log in to post.

About this Plugin

About this Topic