
Software Vulnerability Email

We currently run software that scans most software packages for known vulnerabilities, warns the user, and then attempts to patch the vulnerabilities automatically.

The scans occur daily. If a vulnerability is detected, the user will be emailed with something similar to the following:

Dear Account Administrator,

We have detected software vulnerabilities in PHP scripts on your hosting package. To prevent system abuse resulting from exploitation of these vulnerabilities, these should be addressed as quickly as possible. This concerns the following vulnerabilities:

CSRF vulnerability in WordPress
/home/example/public_html/wordpress/wp-admin/includes/ajax-actions.php

XSS vulnerability in WordPress
/home/example/public_html/wordpress/wp-admin/network/settings.php

SSRF vulnerability in WordPress
/home/example/public_html/wordpress/wp-includes/http.php

CSRF vulnerability in WordPress
/home/example/public_html/wordpress/wp-admin/includes/template.php

Vulnerabilities such as these can allow third parties to access your hosting package and abuse this through e.g. uploading malware for various purposes. We strongly recommend you check the entire hosting package for other files that appear out of place, which our detection system might have missed.

If you have any questions arising from this message, please contact our customer support department.

Best regards,
Your hosting provider

If you receive one of these emails, you can either wait to see if the software can automatically patch the detected vulnerabilities or patch them yourself. Please note, however, that if you wait for them to be patched automatically, your site will be vulnerable until this has been completed. The automated patch normally takes around 24 hours, although this depends on the scale of the issue and the number of people suffering from the same issue.

Here's an example of an automatic fix email:

Dear Account Administrator,

We have detected software vulnerabilities in PHP scripts on your hosting package. To prevent system abuse resulting from exploitation of these vulnerabilities, our system has automatically fixed these issues for you. This concerns the following vulnerabilities:

XSS vulnerability in WordPress
/home/example/public_html/wordpress/wp-includes/class-wp-theme.php

Vulnerabilities such as these can allow third parties to access your hosting package and abuse this through e.g. uploading malware for various purposes. We strongly recommend you check the entire hosting package for other files that appear out of place, which our detection system might have missed.

If you have any questions arising from this message, please contact our customer support department.

Best regards,
Your hosting provider

If you choose to resolve this yourself, then in nearly all cases updating the WordPress install and any plugins you have will patch any vulnerability. If the vulnerability isn't resolved by a plugin or WordPress install update, researching it on the WordPress forums usually results in a fix.
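
To decide what to update, the flagged paths in a notification can be grouped by WordPress install and by component (core, plugin or theme). The script below is an added example, not part of our scanning software; it assumes the email keeps the "heading line, then path line" layout shown above, and the "blog" install, the "example-plugin" path and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the notification above; the last entry is hypothetical.
SAMPLE_EMAIL = """\
CSRF vulnerability in WordPress
/home/example/public_html/wordpress/wp-admin/includes/ajax-actions.php

XSS vulnerability in WordPress
/home/example/public_html/wordpress/wp-admin/network/settings.php

SSRF vulnerability in WordPress
/home/example/public_html/wordpress/wp-includes/http.php

XSS vulnerability in WordPress
/home/example/public_html/blog/wp-content/plugins/example-plugin/form.php
"""

HEADING = re.compile(r"^(?P<kind>\S+) vulnerability in (?P<product>.+)$")
# Split a path into the install root and the first WordPress directory below it.
WP_DIR = re.compile(r"^(?P<root>/.*?)/(?P<area>wp-admin|wp-includes|wp-content)/(?P<rest>.+)$")

def component(area, rest):
    """Name the thing to update: core, or a specific plugin/theme."""
    parts = rest.split("/")
    if area == "wp-content" and len(parts) >= 2 and parts[0] in ("plugins", "themes"):
        return f"{parts[0][:-1]}:{parts[1]}"
    return "core"

def parse_findings(text):
    """Return {install_root: {component: sorted list of vulnerability kinds}}."""
    findings = defaultdict(lambda: defaultdict(set))
    kind = None
    for line in (l.strip() for l in text.splitlines()):
        m = HEADING.match(line)
        if m:
            kind = m.group("kind")
            continue
        p = WP_DIR.match(line)
        if p and kind:
            findings[p.group("root")][component(p.group("area"), p.group("rest"))].add(kind)
            kind = None  # each heading is paired with exactly one path line
    return {root: {c: sorted(k) for c, k in comps.items()} for root, comps in findings.items()}

if __name__ == "__main__":
    for root, comps in parse_findings(SAMPLE_EMAIL).items():
        for comp, kinds in comps.items():
            print(f"{root}: update {comp} ({', '.join(kinds)})")
```

Findings under wp-admin or wp-includes point to a WordPress core update for that install, while findings under wp-content/plugins or wp-content/themes name the individual plugin or theme to update.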

In the event that the software detects malicious software, rather than a vulnerability, the malware will be quarantined within 2 hours and an email notification will be sent out.
