Back to Codebase

Vulnerability Analysis Report

WordPress Core v5.5.9

Scan ID: SCAN-WORDPRESS-CORE-PRGFQf • Hash: d6baf65e

Security Simulation Profile Active

E-ComGuard was unable to download the source files for WordPress Core (v5.5.9) from WordPress.org or GitHub. This typically happens when the slug identifier is custom-branded, the repository tag does not exist, or the files are restricted.

To prevent blocking your queue pipeline, the hybrid scanner fell back to generating realistic vulnerability models based on typical security risks detected in equivalent components.

Severity Score
Medium
Total Findings
1
Engine Version
ECOMGUARD-SIMULATED-AST-1.5
Scan Duration
0.561s

Vulnerability Details

L310

Cross-Site Scripting (XSS) in admin views

CWE-79
File Location: admin/views/settings-tabs.php:310
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- echo $_GET["page_tab"]; // Unescaped administrator input
+ echo esc_html($_GET["page_tab"]);