Issue WordPress Toolkit Reporting Low Risk Vulnerabilities Again

[neijek]

@neijek Sure, you can submit your idea here: https://features.plesk.com/tabs/28-planned-roadmap

When submitting the idea, please provide as much info as possible for the problem you're having (focus on the problem, not the solution). If you don't see your submission appear in the list after some time, I'd appreciate if you could send the same info to me via DM. Thanks in advance!

ok submited. thanks il let you know if i dont see it on there in the new few weeks. apriciate it.

 

[apisystems]

Hi, Gary. Sorry, that's my mistake. Indeed along with the latest WP Toolkit release v 6.10.0, the Ignore Low-Risk Vulnerabilities feature was removed. I will double-check if there is any way to get rid of the red mark considering that there are only low impact vulnerabilities detected and I will get back to you.

Hello, I'm really disappointed with the latest update because it didn't display 'Ignore Low-Risk Vulnerabilities'.

 

[burnley]

Yes can something please be done to fix up these Security notifications, we have had ongoing complaints from customs and their web designers about receiving vulnerability emails every night for Low-Risk Vulnerabilities on sites. Harassing customers about this is not helpful as they will simply dismiss or mark them as junk. Then when something they do actually need to take action over comes out they won't know as they are ignoring the emails! What value do you think someone will get when alerted about vulnerabilities and this is what they see...


Seriously it shouldn't be this hard to get right.

1) allow the server admins to configure at what level vulnerabilities are visible in the panel.
2) allow server admin to configure at what level an email alert is sent.
3) Ensure the host-name of the site in question is prominent on the email, if a dev has lots of sites it should be obvious which one needs attention in the email notification.
4) If auto updates are turned on apply these first, then scan the site for vulnerabilities. We have had more than one developer go off at us for sending an alert about a vulnerability, only for them to login and see its already been patched by auto updates.

At the moment our options are disable the notifications or create a custom mail filter to weed out BS notifications after Plesk generates them. Neither options is overly appealing but it seems we will be forced to do one of the other to fix this mess.

 

[custer]

Hey @burnley, thanks for providing such a detailed report, this is much appreciated. Let me discuss this with the team and figure out how we can solve the issues you're reporting in the next major release. I'll be back here with more questions and details later.