Cross site scripting error with wp-login page?

  • Resolved tcwaters

    (@tcwaters)


    9 years, 11 months ago

    Setting up a new site, ad the security scan required by our University is reporting that wp-login page is vulnerable to cross site scripting, and a blind SQL injection vulnerability. I’ve never had these pop up before with other sites/ older versions of WordPress, and I’m not sure what to tell our security folks , but I’m in limbo and can’t get this site going until these are resolved.

    The search I’ve done here on www.ads-software.com seems to find items from prior to 3.9.2 and also for some plugins, but can’t find anything that addresses wp-login itself.

    THX

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator James Huff

    (@macmanx)

    AFAIK, there are no known security vulnerabilities in WordPress 4.0.1.

    If is a fresh installation from the files at https://www.ads-software.com/download/ or has the installation been online for a while?

    Thread Starter tcwaters

    (@tcwaters)

    Fresh install done just a few days ago.

    Moderator James Huff

    (@macmanx)

    Hm, ok it should be just fine.

    Just in case, try downloading WordPress again and delete then replace your copies of everything except the wp-config.php file and the /wp-content/ directory with fresh copies from the download. This will effectively replace all of your core files without damaging your content and settings. Some uploaders tend to be unreliable when overwriting files, so don’t forget to delete the original files before replacing them.

    If it still reports the problem, ask the University folks to look into it. Either there is something wrong with what they’re using to check, or there is a legitimate security concern. If they do find a legitimate security concern, please ask them to report it following this guide: https://codex.www.ads-software.com/Security_FAQ

    Thread Starter tcwaters

    (@tcwaters)

    After further testing the security officer alerted me that it was a false positive and there was no problem. The site passed the security scan. THX for your help.

    Moderator James Huff

    (@macmanx)

    You’re welcome, and thanks for letting us know!

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Cross site scripting error with wp-login page?’ is closed to new replies.