0. Status
WPScan identified 18 vulnerabilities
1. Core Updates
Updated core from 6.7.1 to 6.7.2
2. Removed plugins
- None
3. Plugin Updates (16 requested)
- Updated "All In One WP Security" from 5.3.4 to 5.4.0
- Updated "Easy WP SMTP" from 2.7.0 to 2.10.0
- Updated "Elementor" from 3.25.10 to 3.28.3
- Updated "Elementor Addon Elements" from 1.13.9 to 1.14
- Updated "Essential Addons for Elementor" from 6.0.10 to 6.1.9
- Updated "GDPR Cookie Compliance" from 4.15.5 to 4.16.1
- Updated "Really Simple Security" from 9.1.2 to 9.3.3
- Updated "Redirection" from 5.5.1 to 5.5.2
- Updated "Secure Custom Fields" from 6.3.10.2 to 6.4.0.1
- Updated "Smart Slider 3" from 3.5.1.25 to 3.5.1.27
- Updated "W3 Total Cache" from 2.8.0 to 2.8.7
- Updated "Yoast SEO" from 23.9 to 24.8.1
3.1 N.B. Licences
- The following premium
- "BE Theme" licence has been purchased, renewed and updated from 27.5.13 to 28.0.2
- "WPBakery Page Builder" licence is no longer valid; a new licence is required before it can be updated.
4. Theme updates (2 requested)
- Updated Twenty Twenty-Five from 1.0 to 1.1
- Be Theme
5. Additional activities
5.1 Security activities
- None
One-time activities
- The "Smart Slider" plugin, which provided the homepage slideshow, has been disabled
- The "Slider revolution" plugin has been installed and configured
- The first 2 existing slides have been replicated with the new tool
Recurring activities
- Renamed "xmlrpc.php" to "donotpass_xmlrpc.php" (should be done on EVERY core update)
- Removed "readme.txt" (should be done on EVERY core update)
- Removed "license.txt" (should be done on EVERY core update)
N.B. The Gravity Form plugin cannot be updated automatically because it lacks a licence
5.2 Spam Found
- No more spam found
5.3 Cookies
PLEASE CHECK with your legal consultant if the cookie banner is already mandatory.
Currently the website does not use any cookies.
6. Notices
6.0 Licence renewals are required
- WPBakery Page Builder
6.1 Too many editors are installed.
The following editors are currently installed and in use on the wikimedia.it WordPress website:
- "Gutenberg", the default WordPress editor
- BE Editor
- Elementor
These editors are not fully compatible or interoperable. This means that choosing the wrong editor carries a high risk of breaking content and of creating inconsistent content.
6.2 Fragmented template elements and styles
Due to the WordPress architecture and the layering of successive maintenance and development work, styles are currently spread across:
- WMI WordPress theme
- Inline WordPress styles
- Editors configurations (Elementor, BE)
- Plugins configurations (Smart Slider)
This configuration makes it hard to maintain and change global styles while keeping a consistent aesthetic identity
6.3 The plugin "Wiki Embed" - https://it.wordpress.org/plugins/wiki-embed/ - is old and no longer maintained (9 years since the last update)
It causes a lot of PHP warnings:
Trying to access array offset on value of type bool in /var/www/wmi/wordpress/wp-content/plugins/wiki-embed/WikiEmbed.php on line 112