« previous next »
Pages: [1]   Go Down

Author Topic: WP website cleansed, but still with vulnerable code & misconfiguration!  (Read 921 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
WP website cleansed, but still with vulnerable code & misconfiguration!
« on: November 29, 2015, 12:30:54 AM »
WP version (plug-in and theme) is up to date, but we see a warning because User Enumeration is possible.
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Code that should be retired because vulnerable libraries detected:
http://spencer-combs.com
Detected libraries:
jquery-migrate - 1.2.1 : -http://spencer-combs.com/wp-includes/js/jquery/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.3 : -http://spencer-combs.com/wp-includes/js/jquery/jquery.js
1 vulnerable library detected

polonus
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
Pages: [1]   Go Up
« previous next »