• Resolved onsharp

    (@onsharp)


    Hello,

    We scan all of our client’s websites for security issues and we believe some of the security issues coming back are false positives being triggered by what CleanTalk is doing to prevent SPAM. SQL injection vulnerabilities are being reported back but we think they are false positives. The addresses reporting back as security problems are like this one for instance: https://www.domainexample.com/?apbct__email_id__search_form_18148=18148&apbct_submit_id__search_form_18148=18150-2&s=ZAP
    The source code for the page that loads is reporting information back to our scanning service that is triggering these SQL injection vulnerabilities in reports.
    You can view a screengrab of what we think is the problem here: https://snipboard.io/drZWAv.jpg
    Is there anything we can do about this by adjusting the CleanTalk settings?

    Let me know,
    Mike

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support sergecleantalk

    (@sergecleantalk)

    Hello,

    I will ask our developers about this. We will contact you within 1-3 business days.

    Plugin Support sergecleantalk

    (@sergecleantalk)

    Yes, these are false positives. You can try to disable the ‘Store visited URLs’ option here:

    WordPress Dashboard -> Settings -> Antispam by Cleantalk -> Advanced settings

    Did it help?

    Thread Starter onsharp

    (@onsharp)

    Thank you, I’ve made that adjustment. I’m running another security scan now. I’ll report back when it’s complete.

    Plugin Support sergecleantalk

    (@sergecleantalk)

    Please keep us informed.

    Plugin Support sergecleantalk

    (@sergecleantalk)

    Hello.
    We haven’t heard back from you in a few days, so I’m going to mark this topic as “resolved”.
    If you need further support, you can start a new topic or contact us via our private Ticket System: https://cleantalk.org/my/support/open.

  • The topic ‘Security Scans and False Positives’ is closed to new replies.