Http vs https
-
The latest version of event calendar causes a PCI compliance scan failures, several times on the page:
Vulnerability: HTTPS request can be accessed over HTTP
Evidence:
DetectionDetails: Vulnerability Found. Page Accessible through HTTP.
Request: GET https://www.goufraisusa.com/events/month/2021-06/
HTTP/1.1
Several others are similar
This problem didn’t exist before recent update.I disable the plugin and this series of vulnerabilities disappeared. I also checked to make sure the server was configured correctly in response to the recommended remediation:
Examine your Web Server’s configuration to determine why pages that
should only be viewable via HTTPS are being served over HTTP. Also,
examine the configuration of any applications you have installed to
ensure that the proper permissions are in place to prohibit forceful
browsing of HTTPS resources over HTTP.
- The topic ‘Http vs https’ is closed to new replies.