[Plugin: WordPress Exploit Scanner] The latest out of the box WP (3 posts)

  1. bottleneck
    Posted 6 years ago #

    Donncha, thanks for your great efforts!

    Here is something that I would like to ask:

    By using your plugin I got some warnings on my sites ( who doesn't :) and before start cleaning I decided to take a look on the out-of-the-box installation.

    I got WP 2.8.5, made a clean installation and ran exploit-scanner.

    On two different web hosts after out-of-the box clean WP 2.8.5 installations exploit-scanner gives the same:

    Modified Core Files
    1. ../public_html/blank/license.txt
    2. ../public_html/blank/wp-includes/images/crystal/license.txt
    3. ../public_html/blank/wp-includes/js/scriptaculous/MIT-LICENSE
    4. ../public_html/blank/wp-includes/js/swfupload/plugins/swfupload.speed.js
    5. ../public_html/blank/wp-includes/js/tinymce/license.txt

    Could you please explain this?

    Thanks again for your efforts.

  2. Ryan Boren
    WordPress Dev
    Posted 6 years ago #

    The eol-style svn property for all WP files is set to native except for those files. The license files are set to CRLF and swfupload.speed.js should be set to native but instead is missing the eol-style property. We'll have to take eol style into account when checking those files.

  3. bottleneck
    Posted 6 years ago #

    Thanks to you, Ryan and all WordPress Exploit Scanner's team!


Topic Closed

This topic has been closed to new replies.

About this Topic