pg-fun
Forum Replies Created
-
disbale all plugins except elementor and changed theme to the only other theme i have 2023 – and still broken. Also still broken reverting back to Astra Theme 9 https://wpastra.com/about/?utm_source=theme_preview&utm_medium=author_link&utm_campaign=astra_theme)
/htaccess permissions are fine 0644
still broken – any resolution please – cant believe i am alone with this issue?
Correction version is 3.11.5
thanks
xmlrpc is an option but may effect some wordpress plugins like Jetpack for example not one i use…
also why yesterday all fine all my sites then today highlights this vulnerability.
aslo as per:
https://blog.sonarsource.com/wordpress-core-unauthenticated-blind-ssrf/
been around for a while!
all my WP websites have this “flagged” now and yesterday / previously did not!!
i too
noticed on all my websites this morning (in the UK) have this same reported from PLESK Control Panel / WordPress Toolkit.has this link for more info
https://patchstack.com/database/vulnerability/wordpress/wordpress-6-1-1-unauth-blind-ssrf-vulnerability?_a_id=110and if hover over info “i” :
Unauth. Blind SSRF vulnearbility via DNS Rebinding discovered by THomas Chauchefoin in WordPress versions 6.1.1dont know if a CVE has been raised in the past for this
have also reached out to Wordfence plugin masters at DefiantForum: Themes and Templates
In reply to: [Sydney] Sydney Pro and Woocommerce utdated templates?for info:
Sydney Version: 2.14
Sydney Pro Version: 2.0.5have just updated from 2.1.42 to 2.1.43
and Wordfence reports same:
The Plugin "wpDataTables - Tables & Table Charts" has a security vulnerability. Type: Vulnerability Scan Issue Found Critical DETAILS Plugin Name: wpDataTables - Tables & Table Charts Current Plugin Version: 2.1.43 Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove "wpDataTables - Tables & Table Charts" until a patched version is available. Get more information. (opens in new tab) Plugin URL: https://wpdatatables.com Repository URL: https://wordpress.org/plugins/wpdatatables Vulnerability Information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24197still being reported:
The Plugin "wpDataTables - Tables & Table Charts" has a security vulnerability. Type: Vulnerability Scan Issue Found Critical DETAILS Plugin Name: wpDataTables - Tables & Table Charts Current Plugin Version: 2.1.42 Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove "wpDataTables - Tables & Table Charts" until a patched version is available. Get more information. (opens in new tab) Plugin URL: https://wpdatatables.com Repository URL: https://wordpress.org/plugins/wpdatatables Vulnerability Information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24197doesnt help – as any CVE on a plugin will always be reported as security vulnerability.
In my case moved from one Tanel plugin (Tablepress) to yWP Datatables ad it to has an outstanding CVE… in short is being reported as security vulnerability.
In my Case World Renown Security Pkugin Wordfence is reporting as crictical…
The Plugin "wpDataTables - Tables & Table Charts" has a security vulnerability. Type: Vulnerability Scan Issue Found Critical DETAILS Plugin Name: wpDataTables - Tables & Table Charts Current Plugin Version: 2.1.42 Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove "wpDataTables - Tables & Table Charts" until a patched version is available. Get more information. (opens in new tab) Plugin URL: https://wpdatatables.com Repository URL: https://wordpress.org/plugins/wpdatatables Vulnerability Information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24197any update to resolve so i continue to use this table plugin before moving to another one!!
Which i dont wish to do – again!!
Wordfence reporting because of the CVE in place:
Plugin Name: wpDataTables - Tables & Table Charts Current Plugin Version: 2.1.42 Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove "wpDataTables - Tables & Table Charts" until a patched version is available. Get more information. (opens in new tab) Plugin URL: https://wpdatatables.com Repository URL: https://wordpress.org/plugins/wpdatatables Vulnerability Information: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24197a little annoying as moved from plugin with CVE in place TablePress so Wordfence will scan and pick this up as an issue “all day long” (because of the cve that hasnt been resolved/vulnerability fixed?)
moved to your plugin just yesterday!! arrgggh and get a Wordfence Vulnerability scan for your plugin v 2.1.42
Forum: Plugins
In reply to: [TablePress - Tables in WordPress made easy] Critical VulnerabilityHi
so how do we resolve / stop Wordfence reporting – against a CVE not initiated by them…their is “risk” hence why it has been flagged (i am not a developer)
I use Wordfence.com/central to monitor my sites, and it is flagged
ok i agree flagged this month why not previous months!!I will have to consider disable of the plugin, but i dont wish to do that.
would there be an update/fix on your next release?
Forum: Plugins
In reply to: [WooCommerce] bbbbb fake orders….Hi All – Paul (PG-FUN) here form the UK
I am still getting these fake orders and i am on v4.8 of WooCommerce
they are all as per
https://developer.woocommerce.com/2020/11/05/developer-advisory-spam-orders-and-accounts-from-bots/and from various IP address around the planet…
they are annoying
what can i do
other than what i am doing
cancelling them under orders and deleting themregards
Paul Griffiths
from the UKForum: Plugins
In reply to: [Wordfence Security - Firewall, Malware Scan, and Login Security] Wordfence –also or Immediately lock out invalid usernames
max i can do in free version if 2 monthsbut brute force attackers use admin a lot as username –
so wondered if can be blocked / locked out for ever – not just 2 monthsyou might say if similar to a real logon dont want them locked out – but for me i am the admin of all the sites and my logons usernames are not even close to spelling etc.. – so i think unlikely to lock out accidently.
my username list includes a number of variations on admin that have been used / tired on my sites.
makes sense
Can this thread be deleted please?
as I logged on cannotthink I have resolved myself
please delete this thread from this forum