@jeroenrotty kun je mij hierbij helpen aub?
Beste Jeroen,
Bedankt voor je reactie.
Ik krijg deze meldingen vanuit Thuiswinkel. Zij scannen mijn website voordat zij een certficaat afgeven. En dit heeft dus te maken met mijn contact pagina.
Vandaag is er nog iets geks bijgekomen namelijk dit (ik heb de meest recente update):
Threat
WordPress is the most commonly used Content Management System.
Multiple Vulnerabilities are affecting WordPress prior to 5.4.1:
CVE-2020-11025 Authenticated Cross-Site Scripting (XSS) in Customizer
CVE-2020-11026 Authenticated Cross-Site Scripting (XSS) in File Uploads
CVE-2020-11027 Password Reset Tokens Failed to Be Properly Invalidated
CVE-2020-11028 Unauthenticated Users View Private Posts
CVE-2020-11029 Cross-Site Scripting (XSS) in wp-object-cache
Impact
Authenticated users could be able to upload malicious files and execute malicious JavaScript.
For CVE-2020-11027, When a user requested a password reset link, but did not use it and instead reset their password by logging in, the password reset link would
still be usable.
For CVE-2020-11028, unauthenticated users can view private posts by manipulating time and date queries.
Solution
Upgrade to latest version of WordPress 5.4.1.
