security for wp4.9.4 : plugin security scanner found something?
-
Hello community,
On two websites : https://www.nicolaskaragiannis.com and https://www.adp-nuances-chromatiques.com , my plugin ” plugin security scanner” found one vulnerability, that i think is about the new wordpress core update.
-Here is the message i got in my wp dashboard :
Vulnerability found: WordPress <= 4.9.4 – Application Denial of Service (DoS) (unpatched) — View details
Scan completed: 1 vulnerability found.
-And here is the detail log :
https://wpvulndb.com/vulnerabilities/9021
After contacting my webhoster, they told me that for them, after a security scan, all is good. But i am not convinced.
Could someone exlplain me this log and of course if its dangerous? i still got this warning message from this plugin in my dashboard.
(I made the wp update 4.9.4 anyway)Thanks
Nico
The page I need help with: [log in to see the link]
-
I am on 4.9.4 also, and my sitelock report is showing the error: WordPress <= 4.9.4 – Application Denial of Service (DoS)
An online search brought up a wpcampus.org site that showed a workaround https://wpcampus.org/2018/02/version-4-9-3-version-4-9-4-denial-service-vulnerability/:Instead, I would suggest adding a couple of lines to your htaccess file to watch for requests to these file, and block them if the length of the load list is too long.
RewriteCond %{REQUEST_URI} ^/wp-admin/load-(scripts|styles)\.php$
RewriteCond %{QUERY_STRING} load(?:\[\])?=(.{256,})$
RewriteRule ^(.*)$ – [F,L]In the full list of scripts, there are 2650 characters. In the above htaccess example, I’ve set it so if there are more than 256 characters forbid the request. You may need to adjust that number upwards if you find your loaded scripts list is longer.
Has anyone tried this? Does it sound like a good idea?
all the best,
Nathalie
- The topic ‘security for wp4.9.4 : plugin security scanner found something?’ is closed to new replies.