PCI compliance scan failures
-
Hello-
Our PCI compliance company has flagged our installation of WordPress 3.4.1 as non-PCI-compliant.
Below is the message they gave us:
Description: WordPress query.php is_admin() Function Information Disclosure
Synopsis: The remote web server contains a PHP application that is affected by an information disclosure issue.
Impact: The version of WordPress on the remote host does not properly check for administrative credentials in the ‘is_admin()’ function in ‘wp-includes/query.php’. Using a specially-crafted URL that contains the string ‘wp-admin/’, an attacker may be able to leverage this issue to view posts for which the status is classified as ‘future’, ‘draft’, or ‘pending’, which would otherwise be available only to authenticated users.
Resolution: Unknown at this time.
Risk Factor: Medium / CVSS2 Base Score: 4.0
Is there a patch or a suggested resolution for this?
Please respond AAP. Thanks
-
Good day to you,
I’m sorry to report that you have accidentally posted to the wrong support forum. We cannot help you here at WordPress.com with that site as it’s not being hosted by WordPress.com and we run on different software. This is the correct forum for your software http://wordpress.ORG/support/
WordPress.com vs WordPress.org: The Differences
Best wishes with your site.
- The topic ‘PCI compliance scan failures’ is closed to new replies.