Cross site scripting (XSS) adminajax.php

  • wp-admin/adminajax.php

    Alert group: Cross site scripting

    Severity: High

    Description: Cross-site Scripting (XSS) refers to a client-side code injection attack wherein an attacker can execute malicious scripts in a legitimate website or web application. XSS occurs when a web application makes use of unvalidated or unencoded user input within the output it generates.
    Recommendations: Apply context-dependent encoding and/or validation to user input rendered on a page
    Alert variants
    Details
    URL encoded POST input atts[sk-options][monthly_view][sed_method] was set to 09760();}]9361
    The input is reflected inside <script> tag.
    POST /wp-admin/admin-ajax.php HTTP/1.1
    Content-Type: application/x-www-form-urlencoded
    Referer:
    Cookie: privacy_embeds=consent
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
    Accept-Encoding: gzip,deflate
    Content-Length: 21867
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4512.0 Safari/537.36
    Host:
    Connection: Keep-alive


    The blog I need help with is: (visible only to logged in users)
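
Added example, not part of the original post and not the plugin's own code: the report says the `sed_method` value is reflected inside a `<script>` tag and recommends context-dependent encoding and/or validation. The PHP below puts an unsafe concatenation beside a version that validates against an allow-list and encodes for the JavaScript context; the `mecSettings` variable, the function names and the allow-list entries other than `0` are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the report only shows the value "0" for sed_method;
// the other entries stand in for whatever values the plugin really accepts.
const SED_METHODS = ['0', 'new', 'm1'];

/** Unsafe pattern: the request value is concatenated straight into a script block. */
function render_unsafe(string $sedMethod): string
{
    // Hypothetical template; the value becomes part of the JavaScript source.
    return "<script>\nvar mecSettings = {sed_method: " . $sedMethod . "};\n</script>";
}

/** Validation: anything outside the allow-list falls back to the default "0". */
function validate_sed_method($raw): string
{
    // Arrays (e.g. sed_method[]=x) and unknown strings are both rejected.
    return (is_string($raw) && in_array($raw, SED_METHODS, true)) ? $raw : '0';
}

/** Encoding for the JavaScript context: emit the value as a JSON string literal. */
function js_literal(string $value): string
{
    // The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the
    // literal can neither end the string nor close the surrounding <script>.
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/** Hardened pattern: validate first, then encode for the output context. */
function render_safe($raw): string
{
    $value = validate_sed_method($raw);
    return "<script>\nvar mecSettings = {sed_method: " . js_literal($value) . "};\n</script>";
}

// Constructed input: the scanner's probe value quoted in the report above.
$probe = '09760();}]9361';

// Unsafe: the probe appears verbatim inside the script, as the scanner observed.
echo render_unsafe($probe), "\n\n";

// Hardened: the probe is not in the allow-list, so the default is emitted as a string.
echo render_safe($probe), "\n\n";

// Encoding on its own, for a field that must accept free text: markup characters
// in the value are escaped and stay inside the string literal.
echo js_literal('</script><b>'), "\n";
```

In WordPress code the encoding step is normally done with `wp_json_encode()`, which accepts the same flags.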

  • Where exactly did you receive that report from, and what is the URL of the affected site?

  • The report is from an Acunetix security test. As for the URL, the client doesn’t want to publish it before removing this alert, so I cannot provide a link. But I have uploaded the files to my domain https://www.asixon.com so you can check there for this issue.

  • Your site is not hosted with WordPress.com. It is a site using the open-source WordPress software (from WordPress.org) but hosted with DreamHost.

    Because WordPress.com and WordPress.org are two entirely separate entities, we cannot access files or data for sites that are hosted elsewhere, so WordPress.com staff can only assist with sites that are hosted on our servers. You can find more information here about the differences between WordPress.org software and WordPress.com: https://wordpress.com/support/com-vs-org/

    https://wordpress.org/support/ is a great resource for sites using the open source WordPress.org software, and you can find support for that at: https://wordpress.org/support/forums/

    With that said, carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures and start backing up your site.

    Your hosting provider’s support team may also be able to assist.

  • The topic ‘Cross site scripting (XSS) adminajax.php’ is closed to new replies.