False security warnings for system libraries
It seems to be giving false positives for security vulnerabilities, even on a fully up-to-date 24.04:
For example, you can see that the Curl 8.5 in Ubuntu has patches for the security issues that are listed in WPvulnerability:
https://changelogs.ubuntu.com/changelogs/pool/main/c/curl/curl_8.5.0-2ubuntu10.6/changelog
I think listing vulnerabilities for PHP, Nginx and ImageMagick is going to have similar issues: check the changelogs, they regularly provide security updates:
https://packages.ubuntu.com/noble/imagemagick
https://packages.ubuntu.com/noble/nginx
https://packages.ubuntu.com/noble/php8.3
I think Fedora/Red Hat system updates would have to be considered in a similar way – not listing vulnerabilities by the version.
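The changelog check described in the post can be automated. The following is an added example, not part of the original post or of the plugin's code: it reads a Debian-format changelog, collects the CVE ids fixed at or before the installed package version, and separates a version-based scanner's findings into still open and already patched. The package name, versions and `CVE-0000-*` ids are constructed placeholders, and the function names are hypothetical.

```python
import re

# Constructed sample in Debian changelog format. The package name, versions
# and CVE-0000-* identifiers are placeholders, not real advisories.
SAMPLE_CHANGELOG = """\
examplepkg (1.0-1ubuntu0.2) noble-security; urgency=medium

  * SECURITY UPDATE: placeholder issue C
    - debian/patches/CVE-0000-0003.patch: constructed entry.

 -- Example Maintainer <maint@example.invalid>  Mon, 01 Jan 2024 00:00:00 +0000

examplepkg (1.0-1ubuntu0.1) noble-security; urgency=medium

  * SECURITY UPDATE: placeholder issues A and B
    - CVE-0000-0001
    - CVE-0000-0002

 -- Example Maintainer <maint@example.invalid>  Mon, 01 Jan 2024 00:00:00 +0000
"""

# Entry headers start in column 0: "package (version) suite; urgency=..."
HEADER_RE = re.compile(r"^(\S+) \(([^)]+)\) ", re.M)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_changelog(text):
    """Return [(version, {CVE ids named in that entry})], newest first."""
    headers = list(HEADER_RE.finditer(text))
    entries = []
    for i, m in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        entries.append((m.group(2), set(CVE_RE.findall(text[m.end():end]))))
    return entries

def backported_fixes(text, installed):
    """CVE ids fixed in the installed version or any older entry."""
    entries = parse_changelog(text)
    versions = [v for v, _ in entries]
    if installed not in versions:
        raise ValueError(f"{installed} not found in changelog")
    # Changelogs list newest first, so everything from the installed
    # entry downward is already included in the installed package.
    return set().union(*(c for _, c in entries[versions.index(installed):]))

def triage(scanner_cves, text, installed):
    """Split a version-based scanner's findings into (still_open, patched)."""
    fixed = backported_fixes(text, installed)
    still_open = sorted(c for c in scanner_cves if c not in fixed)
    return still_open, sorted(c for c in scanner_cves if c in fixed)
```

On a real system the changelog text would come from `apt changelog <package>` and the installed version from `dpkg-query -W -f='${Version}' <package>`.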