• Hi,

    I am running your plugin on sharethefaith.net. Since the last update or the one before or so, I, along with every admin and editor, am getting TWICE a day the following email (just in case you won't spot it – our plugins are updated and the versions that are listed in this email are from the past, plus, some plugins (mailpoet) are no longer in our system…):

    Site Scan

    The scheduled site scan found 13 issues when scanning https://sharethefaith.net.

    Known Vulnerabilities

    WordPress Auto ThickBox Plus Plugin <= 1.9 - Reflected Cross Site Scripting
    Manage Vulnerability | View in Patchstack

    WordPress Code Snippets plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress Easy Social Icons plugin <= 3.2.4 - Cross Site Scripting (XSS) vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress Easy Social Icons plugin <= 3.2.5 - Broken Access Control vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress Jetpack plugin 13.0-14.0 - Unauthenticated DOM-XSS vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress Jetpack plugin < 13.9.1 - Authenticated Arbitrary Feedback Access vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress MailPoet plugin < 5.3.2 - Admin+ Stored XSS vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress WooCommerce plugin < 9.4.3 - Unauthenticated Order Creation vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress WooPayments plugin <= 6.6.2 - Unauthenticated Insecure Direct Object References (IDOR) vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress WooPayments plugin <= 6.4.2 - Cross Site Scripting (XSS) vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress WooCommerce Payments plugin <= 5.9.0 - SQL Injection vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress WooCommerce Payments plugin <= 5.9.0 - Insecure Direct Object References (IDOR) vulnerability
    Manage Vulnerability | View in Patchstack

    WordPress WPForms Lite plugin <= 1.9.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via fieldHTML Parameter vulnerability
    Manage Vulnerability | View in Patchstack

    I have disabled sitescan completely as well as removed all of the emails in the plugin settings except my…. however this email “Scheduled site scan report: Vulnerable Software” is coming twice a day to all five of us…

    perplexed and moderately annoyed

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support kmarusek

    (@kmarusek)

    Hey there,

    When getting old vulnerability data for issues that have already been resolved, a few things could be happening.

    One common occurrence is an old staging site producing the report, but because it has the production site information, it looks like the notifications are coming from the production website. So, if you know of a staging site, verify that the notifications aren’t accidentally being sent from it.

    If this isn’t the case, try removing and re-adding your SolidWP Security Pro license to the website, if using Pro. If the error persists, it might be due to plugin transient data, so I’d suggest installing a transient clearing plugin like Transients Manager and clearing the plugin’s transients.

    Upon activating the Transients Manager plugin, you need to go to Tools → Transients in your WordPress dashboard. From here, you will see a list of transients stored in your WordPress database.

    You can perform bulk deletion tasks or delete transients individually.

    This page lets you perform the following bulk actions:

    • Delete expired transients.
    • Delete selected transients.
    • Delete all transients with an expiration date.
    • Delete all transients.

    You can start with deleting all transients that start with “itsec_”; if that doesn’t resolve it, try deleting all transients.

    Sincerely,
    Kevin

    Thread Starter iLiaFresco.com

    (@iliafrescocom)

    Thanks for the reply. I will see, but the issue is – the plugin should not ever send notifications, and definitely not to all admins and editors. And it never did until like 2 months ago and now it does twice per week. Where does it get the email addresses?

    Thread Starter iLiaFresco.com

    (@iliafrescocom)

    With all transients deleted – still the same.
