Patchman Overwriting ClassicPress with WordPress Files

I’m using a reseller account at A2 Hosting, which has Patchman enabled in cPanel. I got an email that it found two vulnerabilities…

XSS vulnerability in WordPress
home/user/public_html/account/wp-admin/js/post.js

XSS vulnerability in WordPress
/home/user/public_html/account/wp-includes/js/wp-sanitize.js

It then overwrites the files with the current WordPress version.

I sent an email to Patchman about the issue. Figured I’d post it here as well.

9 Likes

Thanks for this @seanthompson

2 Likes

You’re welcome.

2 Likes

Hadn’t heard of Patchman but looks like a security scanning service. Not good if they are overwriting CP files though, so it’s great you contacted them to make them aware of it. Please let us know what they say, Sean.

(… and welcome!).

3 Likes

Will do.

… Thanks.

1 Like