Forum Replies Created

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter blueblueblu

    (@blueblueblu)

    Hi @catacaustic,
    Thank you for your time on this question.
    All alerts come from the original source code downloaded from www.ads-software.com. The IT dept. asked my customer to do something so that these issues no longer appear.
    We have no idea what to do, so I’m here... Q.Q

    Thread Starter blueblueblu

    (@blueblueblu)

    Hi @mmaattiiaass, thanks for your reply. Below is a partial list (3/5456):

    List No. / Severity / Title / Description / File Name / Line / code 
    1. / Medium / Potential XSS / The application appears to reflect data to the screen with no apparent validation or sanitisation. It was not clear if this variable is controlled by the user. / wp-admin\wp-links-opml.php / 70 / <outline type="category" title="<?php echo esc_attr( $catname ); ?>">
    2. / Medium / mt_rand / The application uses pseudo-random number generation that is not cryptographically secure. Carry out a manual check to ensure this is not being used in a process that requires cryptographically secure random numbers. / wp-admin\wp-admin\admin.php / 80 / if ( $c <= 50 || ( $c > 50 && mt_rand( 0, (int) ( $c / 50 ) ) === 1 ) ) {
    3. / Standard / preg_replace / This function will evaluate PHP code. It is dangerous when used with user controlled parameters and may facilitate direct attacks against the web server. Conduct a manual review of this section to ensure safe usage. / wp-admin\wp-login.php / 1120 / 				$redirect_to = preg_replace( '|^https://|', 'https://', $redirect_to );

    Scan tool: VisualCodeGrepper

    • This reply was modified 3 years, 1 month ago by blueblueblu.
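
The three findings quoted above can be pre-sorted before manual review; this is an added example, not part of the original post and not VisualCodeGrepper's own code. The " / " column layout is taken from the post, the descriptions in the sample are shortened, and the function names and verdict strings are assumptions made for illustration.

```python
import re

# Constructed sample: the three findings from the post, descriptions shortened.
FINDINGS = r'''
1. / Medium / Potential XSS / Reflects data with no apparent sanitisation. / wp-admin\wp-links-opml.php / 70 / <outline type="category" title="<?php echo esc_attr( $catname ); ?>">
2. / Medium / mt_rand / PRNG is not cryptographically secure. / wp-admin\wp-admin\admin.php / 80 / if ( $c <= 50 || ( $c > 50 && mt_rand( 0, (int) ( $c / 50 ) ) === 1 ) ) {
3. / Standard / preg_replace / This function will evaluate PHP code. / wp-admin\wp-login.php / 1120 / $redirect_to = preg_replace( '|^https://|', 'https://', $redirect_to );
'''

ESCAPERS = ("esc_attr", "esc_html", "esc_url", "esc_js", "esc_textarea")  # WordPress output escaping
CLOSERS = {"(": ")", "[": "]", "{": "}", "<": ">"}  # PCRE bracket-style delimiters

def parse(line):
    # The code column can itself contain " / " (e.g. "$c / 50"), so split only six times.
    no, sev, title, desc, path, lineno, code = line.strip().split(" / ", 6)
    return {"no": int(no.rstrip(".")), "severity": sev, "title": title,
            "file": path, "line": int(lineno), "code": code.strip()}

def regex_modifiers(code):
    # Modifiers of a literal pattern passed first to preg_replace; None if not a literal.
    m = re.search(r"preg_replace\(\s*(['\"])(.*?)\1", code)
    if not m or not m.group(2):
        return None
    pattern = m.group(2)
    closer = CLOSERS.get(pattern[0], pattern[0])
    end = pattern.rfind(closer)
    return pattern[end + 1:] if end > 0 else None

def triage(f):
    code = f["code"]
    if f["title"] == "Potential XSS":
        echoed = re.search(r"echo\s+(\w+)\s*\(", code)
        if echoed and echoed.group(1) in ESCAPERS:
            return "likely false positive: output passes through " + echoed.group(1)
    if f["title"] == "preg_replace":
        # Only the /e modifier (deprecated in PHP 5.5, removed in 7.0) evaluates code.
        mods = regex_modifiers(code)
        if mods is not None and "e" not in mods:
            return "likely false positive: pattern has no /e modifier"
    # mt_rand and everything else: a person must judge whether the use is security-relevant.
    return "manual review"

def triage_all(text=FINDINGS):
    return {f["no"]: triage(f) for f in map(parse, text.strip().splitlines())}

if __name__ == "__main__":
    for no, verdict in triage_all().items():
        print(no, verdict)
```
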

    I had the same problem as yours. After I changed the collation to utf8_unicode_ci on the table and attributes (some attributes needed to change), it works now~
