• Resolved saxpaolo

    (@saxpaolo)


    Hello, I received some alerts from Solid Security, but these do not look correct to me (free version).
    After a site scan I got the following results:

    • “Sensitive Data Exposure” & “Cross Site Scripting (XSS)” -> Vulnerable Version: <= 6.8.2
      …but the last WordPress version is installed.
    • “[username] has administrator capabilities, but does not have a strong password.”
      …in this case, maybe the user password is actually weak, but the user in question has “Editor” capabilities, not “administrator”
Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support chandelierrr

    (@shanedelierrr)

    Hello @saxpaolo,

    Glad you reached out to us!

    For the first item, are you still seeing the same flag on your latest site scan results? If so, there is a chance that you’re seeing a cached version.

    Try clearing the site’s cache and running a manual scan from the Solid Security page. After you run the scan, please go to the Security Logs page > All Events filter and then confirm if the scan result log contains the same vulnerability flag.

    As for the second item, that alert means the user has at least one administrator-level capability, even if their role is shown as Editor (for example, manage_options). I’d recommend reviewing their role and removing them. If they do need those extra permissions, I suggest enforcing strong passwords for them.

    Hope this helps, and looking forward to your confirmation.
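
An added example (not part of the thread and not Solid Security's code) of how an account shown as Editor can still hold an administrator-level capability: it merges role capabilities and per-user entries in the order WordPress core does and reports where each flagged capability comes from. The ADMIN_CAPS list, the shop_lead role and the sample users are constructed assumptions.

```php
<?php
// Assumption: which capabilities count as administrator-level. The reply
// names only manage_options; the others are core capabilities that the
// default Editor role lacks.
const ADMIN_CAPS = ['manage_options', 'edit_users', 'promote_users',
                    'activate_plugins', 'install_plugins', 'edit_plugins'];

/**
 * @param array $userCaps Unserialized wp_capabilities user meta: role
 *                        names and per-user capabilities, mixed.
 * @param array $roleDefs Unserialized wp_user_roles option.
 * @return array capability => "user" or "role:<name>"; empty when nothing
 *               is found or the account holds the administrator role.
 */
function admin_cap_sources(array $userCaps, array $roleDefs): array
{
    if (array_key_exists('administrator', $userCaps)) {
        return [];
    }
    $source = [];
    // Role capabilities first; a later role overrides an earlier one.
    foreach (array_keys($userCaps) as $name) {
        foreach ($roleDefs[$name]['capabilities'] ?? [] as $cap => $on) {
            if ($on) { $source[$cap] = "role:$name"; } else { unset($source[$cap]); }
        }
    }
    // Per-user entries last: they add a capability or explicitly deny it.
    foreach ($userCaps as $name => $granted) {
        if (isset($roleDefs[$name])) { continue; }
        if ($granted) { $source[$name] = 'user'; } else { unset($source[$name]); }
    }
    return array_intersect_key($source, array_flip(ADMIN_CAPS));
}

// Constructed sample data in the shape WordPress stores it
// (shop_lead is a hypothetical custom role).
$roles = [
    'editor'    => ['name' => 'Editor',    'capabilities' => ['edit_posts' => true]],
    'shop_lead' => ['name' => 'Shop lead', 'capabilities' => ['edit_users' => true]],
];
$users = [
    'alice' => ['editor' => true, 'manage_options' => true],   // direct grant
    'bob'   => ['editor' => true, 'shop_lead' => true],        // via second role
    'carol' => ['editor' => true, 'shop_lead' => true, 'edit_users' => false],
];
foreach ($users as $login => $caps) {
    foreach (admin_cap_sources($caps, $roles) as $cap => $src) {
        echo "$login: $cap (from $src)\n";
    }
}
```

A capability reported as `user` is fixed on the account itself; one reported as `role:<name>` means the role definition or the extra role assignment needs review.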

    Plugin Support chandelierrr

    (@shanedelierrr)

    Hi there,

    Just checking back in to make sure everything’s working for you now. Since we haven’t heard back, I’ll assume things are resolved and close this thread.

    If you run into any more issues, please feel free to open a new thread and we’ll be glad to help.
