Email about vulnerability in WordPress arrived from my hosting provider

  • Resolved pinkhare

    (@pinkhare)


    8 years, 9 months ago

    The message is like this:

    We have detected vulnerabilities in software installed the pinkhare webhosting package. Please take steps to secure your site immediately. This concerns the following vulnerabilities:

    Privilege escalation vulnerability in WordPress
/home/pinkhare/public_html/wordpress/wp-includes/pluggable.php

SSRF vulnerability in WordPress
/home/pinkhare/public_html/wordpress/wp-includes/http.php

    What should I do?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator James Huff

    (@macmanx)

    Hm, if the core files were edited, then there’s probably some malware elsewhere.

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    I have received some sort of email like this too.
    My hosting provider is Vimexx.
    However upon checking both files, I didn’t see anything really suspicious.
    The think is now what … What steps do I take (already read both links suggested by James Huff)? Is it a false alarm ?

    Moderator James Huff

    (@macmanx)

    I’d never call any security concern a false alarm on first glance, it’s just not worth it.

    Run through the whole guide linked to earlier. If you still get the warning, only then would I be comfortable calling it a false alarm.

    Thread Starter pinkhare

    (@pinkhare)

    Thanks for your answers!
    And I’m sorry that there was my mistake.
    I have two hosting account, and I updated WordPress from version 4.4.1 to 4.4.2 at the last week on the one of my site.
    But the alarm email was arrived for another site of mine. I had not updated to version 4.4.1 on the site. I have updated it for now.
    Silly me!

    Moderator James Huff

    (@macmanx)

    Ah, that would explain it. ??

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Email about vulnerability in WordPress arrived from my hosting provider’ is closed to new replies.

Tags