CVE Detection on WordPress

Which CVE is it exactly?

CVE is detected in the WordPress code. See link for error code 2020-7676 https://drive.google.com/file/d/18O4nhlrQ3WXOIOmCzP3EHMU368yn-QHy/view?usp=drive_link

• This reply was modified 8 months, 3 weeks ago by Inspurate Business Services.

Unfortunately, apart from the number, not much is really visible in the screenshot. According to https://nvd.nist.gov/vuln/detail/cve-2020-7676, it is a problem in the JavaScript file angular.js. This file is not part of the WordPress core: https://github.com/search?q=repo%3AWordPress%2FWordPress%20angular.js&type=code

So I suspect that a theme or plugin you are using is using this file. You would have to find it and contact its support for clarification.

The theme is custom developed, and there are no other third part themes on the system. Also all the plugins are up to date as of now.

The angular.js file may then be used by the custom theme. I would recommend that you contact the person who created this theme for you.

The theme does not have any Angular. It’s a custom them developed by us. Only two plugins contain angular, which are up to date but the issue is still showing.

Which plugins are involved and what do their developers have to say about them? Just because the plugin is up-to-date does not mean that the file is up-to-date.

There is no update from the plugin developers. The plugin is NinjaForm and possibily Agile Store locator which both use Agular.

I can’t find any angular.js in the plugin at https://www.ads-software.com/plugins/ninja-forms/. If you have the Pro version, we can’t help you here in the forum anyway.

I can’t find the file at https://www.ads-software.com/plugins/agile-store-locator/ either.

I would recommend that you look more closely at the message you received to find the location to which it refers. I would currently rule out WordPress as well as these two plugins mentioned (unless you are using their Pro versions, which are not available to me here).