Sitelock scan finds vulnerabilities
-
A recent scan by sitelock.com found the following issues:
http://<<site>>/wp-includes/js/l10n.js?ver%3D20101110
VulnerabilityPage URL:http://<<site>>/wp-includes/js/l10n.js?ver%3D20101110
XSS Info:Cross site scripting vulnerability found in args verhttp://<<site>>/wp-admin/css/login.css?ver%3D20110121
VulnerabilityPage URL:http://<<site>>/wp-admin/css/login.css?ver%3D20110121
XSS Info:Cross site scripting vulnerability found in args verhttp://<<site>>/wp-admin/css/colors-fresh.css?ver%3D20110121
VulnerabilityPage URL:http://www.sarquol.com/wp-admin/css/colors-fresh.css?ver%3D20110121
XSS Info:Cross site scripting vulnerability found in args verhttp://<<site>>/wp-comments-post.php?akismet_comment_nonce%D00d2a54a38%26author%3D1%26comment%3D1%26comment_post_ID%3D323%26email%3D1%26submit%3DSubmit Comment%26url%3D1
VulnerabilityPage URL:http://<<site>>/wp-comments-post.php?akisme
t_comment_nonce%3D00d2a54a38%26author%3D1%26commen
t%3D1%26comment_post_ID%3D323%26email%3D1%26submit
%3DSubmit Comment%26url%3D1
XSS Info:Cross site scripting vulnerability found in args akismet_comment_nonce, author, comment, comment_post_ID, email, submit, urlhttp://<<site>>/xmlrpc.php?rsd
They are offering to “clean them up” for me, for a charge, but is it likely they are real?
I have also since upgraded to version 3.1.2, but at the time of the scan was on 3.1.1.
Thanks,
David Howard
The topic ‘Sitelock scan finds vulnerabilities’ is closed to new replies.