Scan by new Gravityscan
Hi
I have run a scan of my site using the new Gravityscan released today by Wordfence and have received the following three severe alerts:
1
Title: My Calendar 1.10.2 – XSS in PATH_INFO Parameter
Type: Vulnerability
Severity: High (7.5)
Product: WordPress WordPress
Description: Vulnerability found in My Calendar version $version. Upgrade to at least version undefined.
Vendor URL: https://www.joedolson.com
Site URL: https://natcorn.org.uk/wp-content/plugins/my-calendar/my-calendar-core.php
2
Title: My Calendar <= 2.3.28 – Cross-Site Scripting (XSS)
Type: Vulnerability
Severity: High (7.5)
Product: WordPress WordPress
Description: Vulnerability found in My Calendar version $version. Upgrade to at least version undefined.
Vendor URL: https://www.joedolson.com
Site URL: https://natcorn.org.uk/wp-content/plugins/my-calendar/my-calendar-core.php
3
Title: My Calendar <= 2.3.29 – Arbitrary File Override & Reflected XSS
Type: Vulnerability
Severity: High (7.5)
Product: WordPress WordPress
Description: Vulnerability found in My Calendar version $version. Upgrade to at least version undefined.
Vendor URL: https://www.joedolson.com
Site URL: https://natcorn.org.uk/wp-content/plugins/my-calendar/my-calendar-core.php
Am I right to be concerned? Are these valid issues with the plugin? Or should I notify Wordfence of false positives?
Many thanks for your help.
Keith Gordon (I am using My Calendar Version 2.5.9)
- The topic ‘Scan by new Gravityscan’ is closed to new replies.