old wordpress files not removed after wp5.8 update

  • Resolved shron_shron77

    (@shron_shron77)


    Low Severity Problems:

    * Old WordPress core file not removed during update: wp-includes/css/dist/editor/editor-styles-rtl.css

    * Old WordPress core file not removed during update: wp-includes/css/dist/editor/editor-styles-rtl.min.css

    * Old WordPress core file not removed during update: wp-includes/css/dist/editor/editor-styles.css

    * Old WordPress core file not removed during update: wp-includes/css/dist/editor/editor-styles.min.css


Viewing 11 replies - 1 through 11 (of 11 total)
  • Moderator Hari Shanker R

    (@harishanker)

    Hi @shron_shron77

    Thanks for flagging this with us. I’m guessing from your message that you got this notification while scanning using a security plugin (such as WordFence or Sucuri), is that right?

    This could be because hosting providers that provide managed WordPress hosting leave old WordPress files in place and set permissions so that they can’t be deleted.

    Please reach out to your hosting provider about this error, and they should be able to fix this for you.

    Let us know if you have any other questions.

    @harishanker: This is a known bug that’s being tracked in the issue linked above, and scheduled to be fixed in 5.8.1. It’s not a hosting- or plugin-related problem.

    Moderator Hari Shanker R

    (@harishanker)

    My bad, I stand corrected, @gappiah. Sorry I missed your reply before I commented! I hope this bug gets fixed soon. Thanks for the flag and the helpful reply, George!

    Thread Starter shron_shron77

    (@shron_shron77)

    thanks guys!

    I wonder how long before this vulnerability is exploited; hopefully a fix comes sooner rather than later.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    It’s not a vulnerability @thyran

    4 CSS files used by WordPress 5.7, but not 5.8, were simply not removed during update to 5.8.

    They will be removed when updating to WordPress 5.8.1 when it’s released later.

    For more details, see https://core.trac.wordpress.org/ticket/53702

    Again, this is not a vulnerability.

    Thanks for that clarification. My WAF picked it up as a threat, a low one but still a threat, so I assumed it was one since it detected it as one.
    Reading online, it appears CSS files are not impervious to security vulnerabilities. I guess this is why it is detected as one.

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    I’m pretty sure they’re just detecting it as files that shouldn’t exist, but only they can answer why.

    I can definitely confirm there are absolutely no vulnerabilities in these files.

    Apologies if this question is dumb, but I also am getting a notification regarding the same 4 files on Sucuri.

    Can I just delete them or do I need to add them to an old file? Thanks in advance!

    Moderator James Huff

    (@macmanx)

    Volunteer Moderator

    You can just delete them.
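
The check and cleanup discussed in this thread, as an added example that is not part of the original posts or of WordPress core. The function names and the WordPress root argument are assumptions, and the guard that refuses to act unless core is 5.8 or later is an addition here, based on the statement above that 5.7 still uses these files.

```shell
#!/bin/sh
# Added example, not WordPress core code. Function names are hypothetical.

# The four leftover files named in the scan report in this thread.
STALE_FILES='wp-includes/css/dist/editor/editor-styles-rtl.css
wp-includes/css/dist/editor/editor-styles-rtl.min.css
wp-includes/css/dist/editor/editor-styles.css
wp-includes/css/dist/editor/editor-styles.min.css'

# Print the core version recorded in <root>/wp-includes/version.php.
wp_core_version() {
    sed -n "s/^[$]wp_version *= *'\([^']*\)'.*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Succeed only for 5.8 or later, where these files are no longer used.
wp_is_58_or_later() {
    major=${1%%.*}
    case $1 in *.*) rest=${1#*.} ;; *) rest=0 ;; esac
    minor=${rest%%[!0-9]*}
    case "$major" in ''|*[!0-9]*) return 1 ;; esac
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "${minor:-0}" -ge 8 ]; }
}

# Usage: wp58_stale_css <wp-root> [list|delete]
# Prints each leftover that exists; removes it only in delete mode.
wp58_stale_css() {
    root=$1
    mode=${2:-list}
    ver=$(wp_core_version "$root")
    if ! wp_is_58_or_later "$ver"; then
        echo "core is '${ver:-unknown}', not 5.8+: leaving files alone" >&2
        return 2
    fi
    echo "$STALE_FILES" | while IFS= read -r rel; do
        [ -f "$root/$rel" ] || continue
        # A symlink here is not the leftover core file; report and leave it.
        if [ -L "$root/$rel" ]; then
            echo "skip symlink: $rel" >&2
            continue
        fi
        echo "$rel"
        if [ "$mode" = delete ]; then rm -- "$root/$rel"; fi
    done
}
```

Run it in list mode first and compare the output with the scanner's report before using delete mode.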
