Back to Codebase

Vulnerability Analysis Report

WordPress Core v2.8.5

Scan ID: SCAN-WORDPRESS-CORE-qTLIjD • Hash: 0d7de1ac

Severity Score
High
Total Findings
5
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.738s

Vulnerability Details

L279

Dynamic Code Execution in blogger.php

CWE-94
File Location: wp-admin/import/blogger.php:279
Security Score:
95 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- eval('this.status='+text);
+ // Avoid dynamic function/code evaluation. Rewrite with native callbacks.
L45

Potential SQL Injection in export.php

CWE-89
File Location: wp-admin/export.php:45
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $authors = $wpdb->get_col( "SELECT post_author FROM $wpdb->posts GROUP BY post_author" );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L651

Potential SQL Injection in blogger.php

CWE-89
File Location: wp-admin/import/blogger.php:651
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $authors = (array) $wpdb->get_col("SELECT DISTINCT meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN (" . join( ',', $post_ids ) . ")");
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L766

Potential SQL Injection in blogger.php

CWE-89
File Location: wp-admin/import/blogger.php:766
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query("DELETE FROM $wpdb->postmeta WHERE meta_key = 'blogger_author'");
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L691

Potential SQL Injection in blogger.php

CWE-89
File Location: wp-admin/import/blogger.php:691
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $results = (array) $wpdb->get_results("SELECT post_id, meta_value FROM $wpdb->postmeta WHERE meta_key = 'blogger_author' AND post_id IN ($post_ids)");
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));