0. Status
WPscan identified 14 vulnerabilities
1. Core Updates
Updated core from 6.5.3 to 6.6.1
2. Removed plugins
- "Slider Revolution" due to existing vulnerability
- "Essential Addons for Elementor - Pro" due to existing vulnerability
3. Plugin Udates (15 requested)
- Updated "Activity Log" from 2.10.1 to 2.11.0
- Updated "Advanced Custom Fields" from 6.2.9 to 6.3.5
- Updated "All In One WP Security" from 5.3.0 to 5.3.2
- Updated "Custom Permalinks" from 2.5.2 to 2.6.0
- Updated "Duplica pagina" from 4.5.3 to 4.5.4
- Updated "Easy WP SMTP" from 2.3.0 to 2.4.1
- Updated "Elementor" from 3.21.6 to 3.23.4
- Updated "Elementor Addon Elements" from 1.13.5 to 1.13.6
- Updated "Essential Addons for Elementor" from 5.9.22 to 6.0.1
- Updated "GDPR Cookie Compliance" from 4.14.0 to 4.15.2
- Updated "Really Simple SSL" from 8.1.3 to 8.1.6
- Updated "Redirection" from 5.4.2 to 5.5.0
- Updated "W3 Total Cache" from 2.7.2 to 2.7.5
- Updated "Yoast SEO" from 22.7 to 23.3
3.1 NB , some upgrades cannot be done
- "BE Theme" lincence is no longer valid, it requires a new licence to be updated. It costs ~ 78$/year
- "WPBakery Page Builder" lincence is no longer valid, it requires a new licence to be updated. It costs ~ 69$/lifetime
4. Themes updates (3 requested)
- Updated Twenty Twenty-Four from 1.1 to 1.2
- Updated Twenty Twenty-Three from 1.4 to 1.5
5. Additional activities
5.1 Security activities
- None
Onetime activities
- None
Recurring activities
- Renamed "xmlrpc.php" to "donotpass_xmlrpc.php" (should be done on EVERY core update)
- Removed "readme.txt" (should be done on EVERY core update)
- Removed "license.txt" (should be done on EVERY core update)
- Removed "licenza.html" (should be done on EVERY core update)
N.B Gravity Form plugin can not be automatically updated due to a licence lack
5.2 Spam Found
- no more spams found
5.3 Cookies
PLEASE CHECK with your legal consultant if the cookie banner is already mandatory.
Currently the website does not use any cookies.
6. Notices
6.0 Licences renew are required
- BE Theme
- WPBakery Page Builder
6.1 Too many editor are installed.
Currently on wikimedia.it wordpress website are intalled and used the following editors:
- Default "Gutenberg" default wordpress editor
- BE Editor
- Elementor
Those editors are not fully compatible and interoperable. That means that, choosing a wrong editor, there is a high risk to broke contents and to create not uniform contents.
6.2 Fragmented template elements and styles
Due to wordpress architecture and stratification of manutentive ad evolutive actions, currently styles are spread in:
- WMI wordpress theme
- Inline wordpress styles
- Editors configurations (Elementor, BE)
- Plugins configurations (Smart Slider)
This configuration makes hard to maintain end act on global styles, keeping a global aesthetic identity
6.3 The Plugin "Wiki Embed" - https://it.wordpress.org/plugins/wiki-embed/ - is old and no longer mantenined (9 years from the last update)
It causes a lot of PHP warnings
Trying to access array offset on value of type bool in /var/www/wmi/wordpress/wp-content/plugins/wiki-embed/WikiEmbed.php on line 112