
Resolved Vulnerability icon

lifehacker

New Pleskian
Server operating system version: CentOS Linux 7.9.2009
Plesk version and microupdate number: Plesk Obsidian v18.0.65_build1800241122.08 os_CentOS 7
Hello Pleskians.
I have noticed that in "Plesk Obsidian 18.0.65 Update #2 Web Host Edition" in WP Toolkit 6.6.0-9002 (26 Nov 2024) the extremely annoying "vulnerability icon" of the WordPress Toolkit has re-appeared again! At one time it was fixed with "Ignore Low-Risk Vulnerabilities"; now it is permanent.

Unfortunately the specific vulnerability exclamations only provide "information noise" and nothing else:
WordPress Core - Informational - All known Versions - Weak Hashing Algorithm (Date: 20.06.2012)
WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key (Date: 10.10.2017)
WordPress Core All Versions - Unauthenticated Blind Server-Side Request Forgery vulnerability (Date: 12/13/2022)

It looks like the fairy tale "never say wolf": at some point there will indeed be a problem and we won't be able to see it directly in the noise created by these exclamations.

Is there any way to disable ONLY these or even set them as "temporarily hidden" or something that solves this noise?
 
I would go even further: it would be a good solution to have the possibility to manually ignore vulnerabilities (at our own risk and only accessible at an admin/host level). Even if such vulnerabilities exist, those ones are just annoying and nothing can be done about them. This would also allow ignoring "false positive" vulnerabilities (like we have on a paid plugin that has the same slug as a plugin in the WordPress plugin directory).
 
Thank you both for your feedback. @lifehacker, in order to make sure I get a clear idea of the issue and forward relevant details to our team, could you please confirm if you are referring to the red exclamation mark icon that appears under the Security section although WP-Toolkit detects only low-risk vulnerabilities and "Ignore Low-Risk Vulnerabilities" is enabled for the website(s), or if you are referring to a notice that appears somewhere else? I am attaching a screenshot for better reference. Thank you in advance for your cooperation.
 

Attachments

  • security-vulnerabilities-wp-toolkit.png
Let me help you out @Sebahat.hadzhi: there was a problem with incorrect data in the Wordfence vulnerability database, which caused this issue to flare up again. This problem was resolved, so the issue should not be actual again, but I think @Tiria's idea about having a manual ignore option sounds useful. I'll explore this idea with the team to see if we can implement it quickly.
 
Hello, @Tinpeas. Thank you for the report. Our team is aware of the issue and is currently investigating it. They are also planning to implement certain changes that will ensure this issue will not reoccur in the future. At this point, I cannot provide any ETA on when the issue will be sorted out, but I will keep you posted. Thank you in advance for your patience.
 