WordPress.org

Forums

Acunetix WP Security
[resolved] Your plugin has known vulnerabilities. (7 posts)

  1. jorgeorpinel
    Member
    Posted 1 year ago #

    Plugin ver: 4.0.3

    It's a bit ironic that a security plugin has known vulnerabilities :p

    Are you planning to fix these? Thanks, references to follow:

    a) http://xforce.iss.net/xforce/xfdb/91202 (seems more important than b)

    b) http://packetstormsecurity.com/files/125218 & http://osvdb.org/103467

    https://wordpress.org/plugins/wp-security-scan/

  2. jorgeorpinel
    Member
    Posted 1 year ago #

    It's not obvious from the description, but actually a may also refer to the same as b and c; it's just less specific.

  3. jorgeorpinel
    Member
    Posted 1 year ago #

    I meant both links of b, not "b and c". There's no c :B

  4. jorgeorpinel
    Member
    Posted 1 year ago #

    A workaround to this problem is to change the following 2 files:

    In WsdUtil.php, add the following line at line 238:

    wp_die(); // workaround to http://xforce.iss.net/xforce/xfdb/91202

    In box-database-backup.php, change line 44 to:

    <input disabled type="submit" class="button-primary" name="backupDatabaseButton" value="<?php echo __('Backup now!');?>"/>

    That will disable the functionality from the back and front ends.
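
Edits made directly to plugin files are overwritten when the plugin is updated or reinstalled, so it is worth confirming they are still in place. The script below is an added example, not part of the original post or the plugin: it checks a plugin directory for the two edits described in post 4. The directory argument and function names are assumptions, and the files are located by name because the post does not give their paths.

```shell
#!/bin/sh
# Added example: verify that the two manual edits from post 4 are present.
# Usage (assumed layout): sh check.sh wp-content/plugins/wp-security-scan

# Print the path of the first file named $2 under directory $1.
find_plugin_file() {
    find "$1" -type f -name "$2" 2>/dev/null | head -n 1
}

# Succeeds if WsdUtil.php contains the workaround wp_die() line.
# Checks presence only; it does not verify the line number.
has_wp_die_guard() {
    f=$(find_plugin_file "$1" WsdUtil.php)
    [ -n "$f" ] || return 1
    grep -Eq '^[[:space:]]*wp_die\(\);[[:space:]]*//[[:space:]]*workaround' "$f"
}

# Succeeds if every backupDatabaseButton input carries the disabled attribute.
# Fails if the file or the button cannot be found, so the state gets reviewed.
backup_button_disabled() {
    f=$(find_plugin_file "$1" box-database-backup.php)
    [ -n "$f" ] || return 1
    lines=$(grep 'name="backupDatabaseButton"' "$f") || return 1
    ! printf '%s\n' "$lines" | grep -Eqv '[[:space:]]disabled([[:space:]/>=]|$)'
}

# Report each missing edit; return non-zero if either one is absent.
check_workaround() {
    rc=0
    has_wp_die_guard "$1" ||
        { echo "MISSING: wp_die() guard in WsdUtil.php"; rc=1; }
    backup_button_disabled "$1" ||
        { echo "MISSING: disabled backup button in box-database-backup.php"; rc=1; }
    return $rc
}

# Run the check only when a plugin directory is given on the command line.
if [ "$#" -gt 0 ]; then
    check_workaround "$1"
    exit $?
fi
```

The `disabled` attribute only changes what the browser renders, so the `wp_die()` check is the one that reflects the server-side behaviour.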

  5. jorgeorpinel
    Member
    Posted 6 months ago #

    So I guess you're not very concerned with security vulnerabilities in your security plugin. That's not a great sign...

  6. Acunetix
    Member
    Plugin Author

    Posted 6 months ago #

    Hi,

    We have just updated the plugin to address this issue. Apologies for the delay.

  7. jorgeorpinel
    Member
    Posted 6 months ago #

    Great! I will update right away.

Topic Closed

This topic has been closed to new replies.
