My client did a source code review with Fortify. The below vulnerabilities were flagged as present in WordPress core:
Critical – 6812
High – 3241
Medium – 3558
Low – 3262
Most of the critical errors flagged are:
Cross-Site Scripting: Persistent
Cross-Site Scripting: Reflected
Dangerous File Inclusion
Dynamic Code Evaluation: Code Injection
Password Management: Hardcoded Password
Password Management: Password in HTML Form
Privacy Violation: Heap Inspection
System Information Leak
How do I answer the client? Any 3rd party information on this that supports my case that WordPress is not vulnerable?