• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:

    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Resolved Vulnerability icon

lifehacker

New Pleskian
Server operating system version
CentOS Linux 7.9.2009
Plesk version and microupdate number
Plesk Obsidian v18.0.65_build1800241122.08 os_CentOS 7
Hello Pleskians.
I have noticed that in "Plesk Obsidian 18.0.65 Update #2 Web Host Edition" in WP Toolkit 6.6.0-9002 ((26 Nov 2024) the extremely annoying "vulnerability icon" of the WordPress Toolkit has re-appeared -again!. At one time it was fixed with "Ignore Low-Risk Vulnerabilities" now it is permanent.

Unfortunately the specific vulnerability exclamations only provide "information noise" and nothing else:
WordPress Core - Informational - All known Versions - Weak Hashing Algorithm (Date: 20.06.2012)
WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key (Date: 10.10.2017)
WordPress Core All Versions - Unauthenticated Blind Server-Side Request Forgery vulnerability (Date: 12/13/2022)

It looks like the fairy tale "never say wolf" at some point there will indeed be a problem and we won't be able to see it directly in the noise created by these exclamations.

Is there any way to disable ONLY these or even set them as "temporarily hidden" or something that solves these noise?
 
I would go even further, this will be a good solution to have possibility to manually ignore vulnerabilities (at our own risk and only accessible at an admin/host level), even if such vulnerabilities exists, those ones are just annoying and nothing is possible to do. This will also allow to ignore "false positive" vulnerabilities (like we have on a paid plugin that have the same slug as a plugin in wordpress plugin directory).
 
Thank you both for your feedback. @lifehacker in order to make sure I get a clear idea of the issue and forward relevant details our team, could you please confirm if you are referring to the red exclamation mark icon that appears under the Security section although WP-Toolkit detects only low-risk vulnerabilities and "Ignore Low-Risk Vulnerabilities" is enabled for the website(s) or if you are referring to a notice that appears somewhere else? I am attaching a screenshot for better reference. Thank you in advance for your cooperation.
 

Attachments

  • security-vulnerabilities-wp-toolkit.png
    security-vulnerabilities-wp-toolkit.png
    181.1 KB · Views: 5
Let me help you out @Sebahat.hadzhi: there was a problem with incorrect data in Wordfence vulnerability database which caused this issue to flare up again. This problem was resolved, so the issue should not be actual again, but I think @Tiria's idea about having a manual ignore option sounds useful. I'll explore this idea with the team to see if we can implement it quickly.
 
Back
Top