Back to Codebase

Vulnerability Analysis Report

Yoast SEO v27.9

Scan ID: SCAN-WORDPRESS-SEO-m19ssr • Hash: 49199157

Severity Score
High
Total Findings
89
Engine Version
ECOMGUARD-HYBRID-AST-1.5
Scan Duration
0.526s

Vulnerability Details

L137

Potential SQL Injection in class-import-squirrly.php

CWE-89
File Location: admin/import/plugins/class-import-squirrly.php:137
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $result = $wpdb->get_var( "SHOW TABLES LIKE '{$this->table_name}'" );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L898

Potential SQL Injection in class-wpseo-meta.php

CWE-89
File Location: inc/class-wpseo-meta.php:898
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $count = $wpdb->query( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L271

Potential SQL Injection in adapter.php

CWE-89
File Location: lib/migrations/adapter.php:271
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $result = $wpdb->query( "SELECT * FROM $table LIMIT 1" );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L114

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:114
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $sql );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L617

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:617
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $orphans = $wpdb->get_col( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L624

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:624
Security Score:
94 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( "DELETE FROM $table WHERE {$column} IN( " . \implode( ',', $orphans ) . ' )' );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L1753

Potential SQL Injection in class-upgrade.php

CWE-89
File Location: inc/class-upgrade.php:1753
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L304

Potential SQL Injection in adapter.php

CWE-89
File Location: lib/migrations/adapter.php:304
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $data = $wpdb->get_results( $query, \ARRAY_A );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L171

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:171
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L453

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:453
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->get_col( $count_query )[0];
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L488

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:488
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $orphans = $wpdb->get_col( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L705

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:705
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->get_results( $query, \OBJECT_K );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L75

Potential SQL Injection in Database_Proxy_Test.php

CWE-89
File Location: tests/WP/Admin/Database_Proxy_Test.php:75
Security Score:
93 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query( "DROP TABLE {$full_table_name}" );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L419

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:419
Security Score:
92 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L767

Potential SQL Injection in class-wpseo-meta.php

CWE-89
File Location: inc/class-wpseo-meta.php:767
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $oldies = $wpdb->get_results( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L923

Potential SQL Injection in class-wpseo-meta.php

CWE-89
File Location: inc/class-wpseo-meta.php:923
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $oldies = $wpdb->get_results( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L290

Potential SQL Injection in orm.php

CWE-89
File Location: lib/orm.php:290
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $result = $wpdb->query( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L89

Potential SQL Injection in seo-score-results-collector.php

CWE-89
File Location: src/dashboard/infrastructure/score-results/seo-score-results/seo-score-results-collector.php:89
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $current_scores = $wpdb->get_row( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L35

Potential SQL Injection in attachment-cleanup-helper.php

CWE-89
File Location: src/helpers/attachment-cleanup-helper.php:35
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L78

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:78
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $sql );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L287

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:287
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L495

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:495
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( "DELETE FROM $indexable_table WHERE object_type = '{$object_type}' AND object_id IN( " . \implode( ',', $orphans ) . ' )' );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L533

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:533
Security Score:
91 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( "DELETE FROM $indexable_table WHERE object_type = 'user' AND object_id IN( " . \implode( ',', $orphans ) . ' )' );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L1009

Potential SQL Injection in class-bulk-editor-list-table.php

CWE-89
File Location: admin/class-bulk-editor-list-table.php:1009
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->get_results( "SELECT * FROM {$wpdb->postmeta} WHERE {$where}" );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L115

Potential SQL Injection in class-import-squirrly.php

CWE-89
File Location: admin/import/plugins/class-import-squirrly.php:115
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query( "DROP TABLE {$this->table_name}" );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L891

Potential SQL Injection in class-wpseo-meta.php

CWE-89
File Location: inc/class-wpseo-meta.php:891
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $meta_ids = $wpdb->get_col( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L66

Potential SQL Injection in attachment-cleanup-helper.php

CWE-89
File Location: src/helpers/attachment-cleanup-helper.php:66
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L367

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:367
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L526

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:526
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $orphans = $wpdb->get_col( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L746

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:746
Security Score:
90 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L819

Potential SQL Injection in class-wpseo-meta.php

CWE-89
File Location: inc/class-wpseo-meta.php:819
Security Score:
89 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $oldies = $wpdb->get_results( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L337

Potential SQL Injection in adapter.php

CWE-89
File Location: lib/migrations/adapter.php:337
Security Score:
89 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $result = $wpdb->query( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L239

Potential SQL Injection in indexable-cleanup-repository.php

CWE-89
File Location: src/repositories/indexable-cleanup-repository.php:239
Security Score:
89 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L62

Potential SQL Injection in Database_Proxy_Test.php

CWE-89
File Location: tests/WP/Admin/Database_Proxy_Test.php:62
Security Score:
89 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $wpdb->query( "TRUNCATE TABLE $tablename" );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L538

Cross-Site Scripting (XSS) in class-yoast-notification-center.php

CWE-79
File Location: admin/class-yoast-notification-center.php:538
Security Score:
88 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $echo = wp_unslash( $_POST['version'] ) === '2';
+ echo esc_html(= wp_unslash( $_POST['version'] ) === '2');
L313

Potential SQL Injection in adapter.php

CWE-89
File Location: lib/migrations/adapter.php:313
Security Score:
88 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $result = $wpdb->query( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L87

Potential SQL Injection in readability-score-results-collector.php

CWE-89
File Location: src/dashboard/infrastructure/score-results/readability-score-results/readability-score-results-collector.php:87
Security Score:
88 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $current_scores = $wpdb->get_row( $query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L35

Potential SQL Injection in cleanup-repository.php

CWE-89
File Location: src/user-meta/infrastructure/cleanup-repository.php:35
Security Score:
88 / 100
Confirmed Issue

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. High Severity (Confirmed via full AST flow control tracing). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $wpdb->query( $delete_query );
+ $wpdb->query($wpdb->prepare("SELECT ... WHERE field = %s", $variable));
L10

Insecure DOM Manipulation (XSS) in focus-focus-keyphrase-input.test.js

CWE-79
File Location: packages/js/tests/ai-generator/helpers/focus-focus-keyphrase-input.test.js:10
Security Score:
74 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input id="focus-keyword-input-sidebar" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L48

Insecure DOM Manipulation (XSS) in handle-banner-tab-navigation.test.js

CWE-79
File Location: packages/js/tests/ai-content-planner/helpers/handle-banner-tab-navigation.test.js:48
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L61

Insecure DOM Manipulation (XSS) in TermDataCollector.test.js

CWE-79
File Location: packages/js/tests/analysis/TermDataCollector.test.js:61
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input type="hidden" id="hidden_wpseo_focuskw" value="cutest red panda" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L19

Insecure DOM Manipulation (XSS) in render-in-portal-if-element-exists.test.js

CWE-79
File Location: packages/js/tests/elementor/render-in-portal-if-element-exists.test.js:19
Security Score:
73 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const innerHtml = document.body.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L62

Insecure DOM Manipulation (XSS) in editor-watcher.js

CWE-79
File Location: packages/js/src/elementor/initializers/editor-watcher.js:62
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- element.innerHTML = markers.removeMarks( element.innerHTML );
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L23

Insecure DOM Manipulation (XSS) in stringHelpers.js

CWE-79
File Location: packages/js/src/helpers/stringHelpers.js:23
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- tmp.innerHTML = string;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L6

Insecure DOM Manipulation (XSS) in focus-focus-keyphrase-input.test.js

CWE-79
File Location: packages/js/tests/ai-generator/helpers/focus-focus-keyphrase-input.test.js:6
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L24

Insecure DOM Manipulation (XSS) in focus-focus-keyphrase-input.test.js

CWE-79
File Location: packages/js/tests/ai-generator/helpers/focus-focus-keyphrase-input.test.js:24
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = `
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L657

Insecure DOM Manipulation (XSS) in app.js

CWE-79
File Location: packages/yoastseo/src/app.js:657
Security Score:
72 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- dialog.innerHTML += "<span class=bufferbar></span>";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L37

Insecure DOM Manipulation (XSS) in render-in-portal-if-element-exists.test.js

CWE-79
File Location: packages/js/tests/elementor/render-in-portal-if-element-exists.test.js:37
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = innerHtml;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L653

Insecure DOM Manipulation (XSS) in app.js

CWE-79
File Location: packages/yoastseo/src/app.js:653
Security Score:
71 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- dialog.innerHTML += "<span class=left>" + pluginName + "</span><span class=right " +
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L11

Insecure DOM Manipulation (XSS) in htmlDecoder.js

CWE-79
File Location: packages/helpers/src/htmlDecoder.js:11
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- txt.innerHTML = htmlText;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L45

Insecure DOM Manipulation (XSS) in worker.js

CWE-79
File Location: packages/js/src/analysis/worker.js:45
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const text = translationElement.innerHTML.slice( 214 );
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L42

Insecure DOM Manipulation (XSS) in TermDataCollector.test.js

CWE-79
File Location: packages/js/tests/analysis/TermDataCollector.test.js:42
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input type="hidden" id="hidden_wpseo_desc" value="description" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L67

Insecure DOM Manipulation (XSS) in TermDataCollector.test.js

CWE-79
File Location: packages/js/tests/analysis/TermDataCollector.test.js:67
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input type="hidden" id="hidden_wpseo_focuskw" value="" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L12

Insecure DOM Manipulation (XSS) in normalizeHTML.js

CWE-79
File Location: packages/yoastseo/src/languageProcessing/helpers/html/normalizeHTML.js:12
Security Score:
70 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const normalizedHTML = doc.body.innerHTML;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L22

Insecure DOM Manipulation (XSS) in index.js

CWE-79
File Location: apps/content-analysis-webworker/src/index.js:22
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- resultText.innerHTML = result.text;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L53

Insecure DOM Manipulation (XSS) in index.js

CWE-79
File Location: apps/content-analysis-webworker/src/index.js:53
Security Score:
68 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- container.innerHTML = '';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L32

Insecure DOM Manipulation (XSS) in editor-watcher.js

CWE-79
File Location: packages/js/src/elementor/initializers/editor-watcher.js:32
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return widget.innerHTML.indexOf( "<" + MARK_TAG ) !== -1;
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L17

Insecure DOM Manipulation (XSS) in focus-focus-keyphrase-input.test.js

CWE-79
File Location: packages/js/tests/ai-generator/helpers/focus-focus-keyphrase-input.test.js:17
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input id="focus-keyword-input-testLocation" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L37

Insecure DOM Manipulation (XSS) in TermDataCollector.test.js

CWE-79
File Location: packages/js/tests/analysis/TermDataCollector.test.js:37
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input type="hidden" id="hidden_wpseo_title" value="title" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L49

Insecure DOM Manipulation (XSS) in TermDataCollector.test.js

CWE-79
File Location: packages/js/tests/analysis/TermDataCollector.test.js:49
Security Score:
67 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input type="hidden" id="slug" value="slug" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L81

Insecure DOM Manipulation (XSS) in editor-watcher.js

CWE-79
File Location: packages/js/src/elementor/initializers/editor-watcher.js:81
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- const rawHtml = element.innerHTML.replace( /[\n\t]/g, "" ).trim();
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L12

Insecure DOM Manipulation (XSS) in fields.test.js

CWE-79
File Location: packages/js/tests/ai-content-planner/helpers/fields.test.js:12
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = "";
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L55

Insecure DOM Manipulation (XSS) in TermDataCollector.test.js

CWE-79
File Location: packages/js/tests/analysis/TermDataCollector.test.js:55
Security Score:
65 / 100
Needs Audit

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Medium Confidence (Fuzzy matcher overlap - minor review required). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- document.body.innerHTML = '<input type="hidden" id="hidden_wpseo_title" value="title" />';
+ element.textContent = data; // Or use DOMPurify to sanitize HTML output
L81

Weak Cryptographic Hash (MD5) in populate-file-command-handler.php

CWE-327
File Location: src/llms-txt/application/file/commands/populate-file-command-handler.php:81
Security Score:
38 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- \update_option( self::CONTENT_HASH_OPTION, \md5( $content ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L70

Weak Cryptographic Hash (MD5) in Discovery_Client_Test.php

CWE-327
File Location: tests/Unit/MyYoast_Client/Infrastructure/OIDC/Discovery_Client_Test.php:70
Security Score:
38 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->issuer_config->allows( 'get_issuer_key' )->andReturn( \substr( \md5( self::ISSUER_URL ), 0, 8 ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L168

Weak Cryptographic Hash (MD5) in Indexable_Repository_Test.php

CWE-327
File Location: tests/WP/Repositories/Indexable_Repository_Test.php:168
Security Score:
38 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- 'permalink_hash' => \strlen( 'https://example.com/post-1' ) . ':' . \md5( 'https://example.com/post-1' ),
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L210

Weak Cryptographic Hash (MD5) in token-manager.php

CWE-327
File Location: src/ai/authorization/application/token-manager.php:210
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->user_helper->update_meta( $user->ID, '_yoast_wpseo_ai_generator_callback_url_hash', \md5( $callback_url ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L228

Weak Cryptographic Hash (MD5) in Indexable_Repository_Test.php

CWE-327
File Location: tests/WP/Repositories/Indexable_Repository_Test.php:228
Security Score:
37 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- 'permalink_hash' => \strlen( 'https://example.com/page-2' ) . ':' . \md5( 'https://example.com/page-2' ),
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L108

Weak Cryptographic Hash (MD5) in Callback_Url_Change_Test.php

CWE-327
File Location: tests/Unit/AI/Authorization/Application/Token_Manager/Callback_Url_Change_Test.php:108
Security Score:
36 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ->with( 123, '_yoast_wpseo_ai_generator_callback_url_hash', \md5( $new_callback_url ) )
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L200

Weak Cryptographic Hash (MD5) in token-manager.php

CWE-327
File Location: src/ai-authorization/application/token-manager.php:200
Security Score:
35 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->user_helper->update_meta( $user->ID, '_yoast_wpseo_ai_generator_callback_url_hash', \md5( $callback_url ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L108

Weak Cryptographic Hash (MD5) in Indexable_Test.php

CWE-327
File Location: tests/Unit/Models/Indexable_Test.php:108
Security Score:
35 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ->with( 'permalink_hash', \strlen( $permalink_no_slash ) . ':' . \md5( $permalink_no_slash ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L82

Weak Cryptographic Hash (MD5) in image-helper.php

CWE-327
File Location: src/helpers/schema/image-helper.php:82
Security Score:
34 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $id_suffix = ( $add_hash ) ? \md5( $url ) : '';
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L70

Weak Cryptographic Hash (MD5) in Indexable_Test.php

CWE-327
File Location: tests/Unit/Models/Indexable_Test.php:70
Security Score:
34 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ->with( 'permalink_hash', \strlen( $permalink ) . ':' . \md5( $permalink ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L351

Weak Cryptographic Hash (MD5) in token-manager.php

CWE-327
File Location: src/ai/authorization/application/token-manager.php:351
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $registered_hash !== \md5( $this->urls->get_callback_url() );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L172

Weak Cryptographic Hash (MD5) in indexable.php

CWE-327
File Location: src/models/indexable.php:172
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $this->permalink_hash = \strlen( $this->permalink ) . ':' . \md5( $this->permalink );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L38

Weak Cryptographic Hash (MD5) in Callback_Url_Change_Test.php

CWE-327
File Location: tests/Unit/AI/Authorization/Application/Token_Manager/Callback_Url_Change_Test.php:38
Security Score:
33 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $old_callback_hash = \md5( 'https://old-staging.example.com/wp-json/yoast/v1/ai_generator/callback' );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L64

Weak Cryptographic Hash (MD5) in wordpress-llms-txt-permission-gate.php

CWE-327
File Location: src/llms-txt/infrastructure/file/wordpress-llms-txt-permission-gate.php:64
Security Score:
32 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return \md5( $current_content ) === $stored_hash;
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L167

Weak Cryptographic Hash (MD5) in indexable-repository.php

CWE-327
File Location: src/repositories/indexable-repository.php:167
Security Score:
32 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $permalink_hash = \strlen( $permalink ) . ':' . \md5( $permalink );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L133

Weak Cryptographic Hash (MD5) in image-helper.php

CWE-327
File Location: src/helpers/schema/image-helper.php:133
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $id_suffix = ( $add_hash ) ? \md5( $url ) : '';
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L316

Weak Cryptographic Hash (MD5) in Callback_Url_Change_Test.php

CWE-327
File Location: tests/Unit/AI/Authorization/Application/Token_Manager/Callback_Url_Change_Test.php:316
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ->with( 123, '_yoast_wpseo_ai_generator_callback_url_hash', \md5( $callback_url ) )
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L198

Weak Cryptographic Hash (MD5) in Indexable_Repository_Test.php

CWE-327
File Location: tests/WP/Repositories/Indexable_Repository_Test.php:198
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- 'permalink_hash' => \strlen( 'https://example.com/post-3' ) . ':' . \md5( 'https://example.com/post-3' ),
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L213

Weak Cryptographic Hash (MD5) in Indexable_Repository_Test.php

CWE-327
File Location: tests/WP/Repositories/Indexable_Repository_Test.php:213
Security Score:
31 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- 'permalink_hash' => \strlen( 'https://example.com/page-1' ) . ':' . \md5( 'https://example.com/page-1' ),
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L242

Weak Cryptographic Hash (MD5) in Callback_Url_Change_Test.php

CWE-327
File Location: tests/Unit/AI/Authorization/Application/Token_Manager/Callback_Url_Change_Test.php:242
Security Score:
30 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ->with( 123, '_yoast_wpseo_ai_generator_callback_url_hash', \md5( $new_callback_url ) )
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L343

Weak Cryptographic Hash (MD5) in token-manager.php

CWE-327
File Location: src/ai-authorization/application/token-manager.php:343
Security Score:
28 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- return $registered_hash !== \md5( $this->urls->get_callback_url() );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L196

Weak Cryptographic Hash (MD5) in Indexable_Test.php

CWE-327
File Location: tests/Unit/Models/Indexable_Test.php:196
Security Score:
28 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ->with( 'permalink_hash', \strlen( $permalink ) . ':' . \md5( $permalink ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L183

Weak Cryptographic Hash (MD5) in Indexable_Repository_Test.php

CWE-327
File Location: tests/WP/Repositories/Indexable_Repository_Test.php:183
Security Score:
27 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- 'permalink_hash' => \strlen( 'https://example.com/post-2' ) . ':' . \md5( 'https://example.com/post-2' ),
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L106

Weak Cryptographic Hash (MD5) in image-helper.php

CWE-327
File Location: src/helpers/schema/image-helper.php:106
Security Score:
26 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $id_suffix = ( $add_hash ) ? \md5( $attachment_meta['url'] ) : '';
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L60

Weak Cryptographic Hash (MD5) in Handle_Test.php

CWE-327
File Location: tests/Unit/Llms_Txt/Application/File/Commands/Populate_File/Handle_Test.php:60
Security Score:
26 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- ->with( 'wpseo_llms_txt_content_hash', \md5( $new_content ) )
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing
L269

Weak Cryptographic Hash (MD5) in Discovery_Client_Test.php

CWE-327
File Location: tests/Unit/MyYoast_Client/Infrastructure/OIDC/Discovery_Client_Test.php:269
Security Score:
25 / 100
Potential False Positive

Rule Engine Warning

Detected insecure pattern matching known vulnerability signatures. Low Danger / False Positive Risk (Isolated non-interactive input loop). Please apply remediation steps matching the recommended patch format below.

Heuristics Diff
- $issuer_config->allows( 'get_issuer_key' )->andReturn( \substr( \md5( $staging_issuer ), 0, 8 ) );
+ password_hash($password, PASSWORD_BCRYPT); // Avoid legacy MD5 for secrets hashing