• Resolved ellenderidder

    (@ellenderidder)


    My hosting provider has sent me a mail that a CSRF vulnerability was detected and that they fixed it. The script the vulnerability was detected in is: /httpdocs/webshop/wp-content/cache/autoptimize/js/autoptimize_snippet_2a454e7fd5512a506a021e83c6c4c920.js

    So it seems to have something to do with the Autoptimize plugin? Is there indeed a problem with the plugin? Or can you advise on how to prevent this?

    The plugin and website seem to work fine, but I am slightly worried about this message.

    Kind regards,

    Ellen de Ridder

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Optimizing Matters

    (@optimizingmatters)

    Afternoon Ellen;
    The autoptimize file is the automatically created minified version of one of your site's (theme/plugin) original JS files.

    As such, it is possible the original file (which will not be referenced in the HTML) contains the same vulnerability which should also be checked/ fixed.

    Alternatively but somewhat less likely it could also be the case that your site is compromised somehow and that the JS is changed by the “virus”.

    Thirdly it is not impossible this was a false positive (vulnerability scanning software sometimes gets it wrong).

    hope this helps/ clarifies,
    frank

    Thread Starter ellenderidder

    (@ellenderidder)

    Hello Frank,

    Thank you for your fast reply and clarification. I will keep monitoring it for a while, but I assume it was option 3 (a false positive).

    Kind regards,

    Ellen

    Plugin Author Optimizing Matters

    (@optimizingmatters)

    You're welcome Ellen, feel free to leave a review of the plugin and support here!

  • The topic ‘CSRF vulnerability detected in autoptimize file’ is closed to new replies.