WordFence vulnerability detect

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support Kim L

    (@kimmyx)

    Hi @officezen,

    Thanks for the report!

    Our dev team is already aware of this and is looking into it.

    We’ll get back to you as soon as we receive feedback. ??

    We appreciate your patience and let us know if you have other questions.

    How long until you fix this ? @kimmyx its now days! what is really bad

    Plugin Author Daniel Iser

    (@danieliser)

    @officezen – Try v2.6.0.

    To be clear it is both true, but also a false positive in how it is represented based on generic categorization.

    It did not allow any hacking of your site for example, but if you had set up specific features so that your content showed “Restricted Content” notices but still appeared in archives or search results, then someone could effectively guess your content & expose it with repeated searches. Ultimately WP core’s search showing results (which is what was set up by the admin), actually confirms the searched content exists in the restricted item.

    You can read about this specific issue here:?https://contentcontrolplugin.com/docs/security/preventing-bots-from-discovering-restricted-content/#how-content-can-be-exposed

    Now its removed from search by default, and if you turn it on you basically have to acknowledge you know what your doing.

Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.