Configuration & Administration

Expand all | Collapse all

Disable Wordpress DZS video gallery

  • 1.  Disable Wordpress DZS video gallery

    Posted 12 days ago
    The Wordpress DZS video gallery has multiple vulnerabilities. I'm guessing this is used in some sort of monitoring templates or something. I could only find references to wordpress in things like /var/lib/docker/devicemapper/mnt/6a1485353ca2485d375d3237a477d2e6922454419c6a3feca2aeed8eaedc1870/rootfs/usr/share/nmap/scripts/http-wordpress-plugins.nse (in multiple strings of mnt/***). I'm having trouble locating any wordpress related templates. Maybe it's just used elsewhere in the dashboard or something? Either way, I need to disable this plugin for security reasons and any help would be appreciated.

    ------------------------------
    Tyler Harbolt
    Admin
    ------------------------------


  • 2.  RE: Disable Wordpress DZS video gallery

    Posted 11 days ago
    Tyler,

    I don't think the files you found are part of WordPress itself.

    I did some digging and that file (along with the other .nse files in that directory) is a script used by the Nmap Scripting Engine.

    If that file was flagged as "Wordpress DZS video gallery" by a vulnerability scanner, we're likely seeing a false positive.  As nmap is a fairly common tool across the *nix landscape, it may be worth reporting this to the author of the scanner.

    ------------------------------
    Michael J. Rogers
    Senior Instructor - Zenoss
    Austin TX
    ------------------------------



  • 3.  RE: Disable Wordpress DZS video gallery

    Posted 8 days ago
    Thanks, that makes sense considering I couldn't find the actual plug-in. I'll pass it on to our security team.

    ------------------------------
    Tyler Harbolt
    Admin
    Tigerpoly
    ------------------------------