I have the Solid Security plugin enabled on my website and the daily scan report always returns the same issue:
“Known Vulnerabilities
WordPress Slide Anything plugin <= 2.4.9 – iFrame Injection to Cross-Site Scripting (XSS) vulnerability”
Is this something you guys are working on, or something I shouldn’t be concerned about? I use the plugin on quite a few of my websites.

What should we do? Thank you.

It’s such a nice plugin I hate to replace it.
On WordPress 6.3

plupload
URL: https://*********************/wp-includes/js/plupload/plupload.js
Detection method: The library’s name and version were determined based on the file’s contents.
CVE-ID: CVE-2012-2401, CVE-2013-0237
Description: Same Origin Policy bypass / Cross-site scripting (XSS) vulnerability in Plupload.as
References:
https://www.cvedetails.com/cve/CVE-2012-2401/
https://www.cvedetails.com/cve/CVE-2013-0237/
Vulnerability Description
You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were reported for this version of the library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.
Discovered by JavaScript Library Audit (Internal)
How to fix this vulnerability
Upgrade to the latest version.
Classification
CWE
CWE-937
CVSS
Base Score: 6.5 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: Low
Integrity: Low
Availability: None
The current version (v2.1.9) doesn’t seem to be the latest.
Plupload – multi-runtime File Uploader
* v2.1.9
It would be nice to have this library updated on the next wp upgrade.

SEO Redirection <= 6.3 – Authenticated Reflected Cross-Site Scripting (XSS) reported by iThemes Security, first posted 3/16/2021?

This page does not show when going to the site and navigating to the product page.
Need some help to fix this, any pointer appreciated.

Is there a way to safely and permanently replace this file without breaking WordPress/future updates?
Message received:
THREAT REFERENCE
Summary:
vulnerable jQuery UI version: 1.11.4
Risk: High (3)
Port: 443/tcp
Protocol: tcp
Threat ID: web_lib_jqueryui
Details: jQuery UI closeText Cross-site Scripting Vulnerability
08/17/18
CVE 2016-7103
Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.
Information From Target:
Service: https
Sent:
GET /wp-includes/js/jquery/ui/datepicker.min.js?ver=1.11.4 HTTP/1.0
Host: [removed]
Received:
* jQuery UI Datepicker 1.11.4