Issue WordPress Toolkit Reporting Low Risk Vulnerabilities Again

[Tinpeas]

Server operating system version

AlmaLinux 8.10 (Cerulean Leopard)

Plesk version and microupdate number

18.0.76

HI Guys

Now the Ignore Low-Risk Vulnerabilities feature has been removed we have a big red dot on the security tab again which is disturbing and massively unhelpful.

The red dot on the security tab is a very useful indicator of actual security problems but not when it is showing 0.1 rated vulnerabilities that are historic and will likely never be fixed.

The vulnerabilities now being reported are:

1. WordPress Core - All Known Versions - Cleartext Storage of wp_signups.activation_key - 10.10.2017CVE-2017-14990
2. WordPress Core All Versions - Unauthenticated Blind Server-Side Request Forgery vulnerability

Wordfence themselves told me that these are informational only and should be commented out by you guys but they are not.

In my humble opinion these should not be showing at all.

Can you fix this please?

Cheers

Gary

 

[Sebahat.hadzhi]

Hi, Gary. The Ignore Low-Risk Vulnerabilities feature hasn't been removed. The same is still present at site settings level (Subscriptions > example.com > WordPress > Vulnerabilities). I am assuming that you are currently looking at the all sites drawer (WordPress > Security), which is why you can't find it.

 

[Tinpeas]

Hi Sebahat

Just had a look and can't see it anywhere, what I am missing?

The screen shot is at site level.

Cheers

Gary