pantheon-systems / WordPress

WordPress upstream for the Pantheon website platform. Includes platform integration plugins and a pre-configured wp-config.php.

Test encrypted Terminus session #378

Closed kyletaylored closed 9 months ago

guardrails[bot] commented 9 months ago

:warning: We detected 78 security issues in this pull request:

Hard-Coded Secrets (9)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Medium | Title: **Hex High Entropy String**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/distributor/composer.json#L22 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#HexHighEntropyString) |
| Medium | Title: **Secret Keyword**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/distributor/includes/classes/Authentications/WordPressDotcomOauth2Authentication.php#L42 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword) |
| Medium | Title: **Secret Keyword**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/wpforms-lite/includes/providers/class-constant-contact.php#L26 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword) |
| Medium | Title: **Secret Keyword**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/wpforms-lite/src/Integrations/LiteConnect/LiteConnect.php#L30 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr#SecretKeyword) |
| Medium | Title: **Google OAuth Key**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/private/config/dev/sitekit_local.json#L2 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/hard-coded_secrets.html?utm_source=ghpr#google-oauth-key) |
| Medium | Title: **Google Cloud API Key**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/map-block-gutenberg/assets/js/_source/blocks/inspector.js#L93 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/hard-coded_secrets.html?utm_source=ghpr#google-cloud-api-key) |
| Medium | Title: **Google Cloud API Key**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/map-block-gutenberg/assets/js/editor.blocks.js#L428 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/hard-coded_secrets.html?utm_source=ghpr#google-cloud-api-key) |
| Medium | Title: **Google Cloud API Key**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/map-block-gutenberg/map-block-gutenberg.php#L123 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/hard-coded_secrets.html?utm_source=ghpr#google-cloud-api-key) |
| Medium | Title: **WP-Config**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/wp-native-php-sessions/inc/class-session.php#L265 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/hard-coded_secrets.html?utm_source=ghpr#wp-config) |

More info on how to fix Hard-Coded Secrets in [General](https://docs.guardrails.io/docs/en/vulnerabilities/general/hard-coded_secrets.html?utm_source=ghpr), [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/hard-coded_secrets.html?utm_source=ghpr) and [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/hard-coded_secrets.html?utm_source=ghpr).

---
Insecure File Management (1)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Medium | Title: **File inclusions with user input**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/private/scripts/db-sanitize.php#L24 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/Insecure_file_management.html?utm_source=ghpr#file-inclusion-gr) |

More info on how to fix Insecure File Management in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/Insecure_file_management.html?utm_source=ghpr).

---
Insecure Network Communication (2)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| High | Title: **SSL verification is disabled (curl)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/framework/helpers/helpers.php#L54 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_network_communication.html?utm_source=ghpr#curl-ssl-verifypeer-off) |
| High | Title: **SSL verification is disabled (curl)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/ocean-extra/includes/widgets/mailchimp.php#L76 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_network_communication.html?utm_source=ghpr#curl-ssl-verifypeer-off) |

More info on how to fix Insecure Network Communication in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_network_communication.html?utm_source=ghpr).

---
Insecure Processing of Data (21)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js#L84 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js#L131 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js#L147 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/dashboard-static/js/EditCredentials.js#L166 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/static/js/helpers/useExtensionReadme.js#L25 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/static/js/screens/DemoInstall.js#L92 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/static/js/screens/DemoInstall.js#L135 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/admin/dashboard/static/js/screens/Changelog.js#L78 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/bundle/274.b2841b7778b85d53b946.js#L1 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/customizer/panels-builder/columns/AvailableItems.js#L54 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/customizer/panels-builder/placements/AvailableItems.js#L57 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/editor.js#L109 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/notification/Notification.js#L72 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/GenericOptionType.js#L431 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/GenericOptionType.js#L593 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/GenericOptionType.js#L605 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/options/ct-image-picker.js#L67 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/options/ct-radio.js#L67 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/options/ct-ratio.js#L221 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/options/html.js#L15 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |
| Medium | Title: **Unescaped user input in React dangerouslySetInnerHTML**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/options/typography/TypographyModal.js#L428 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr#javascript.react.dangerously-set-inner-html) |

More info on how to fix Insecure Processing of Data in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_processing_of_data.html?utm_source=ghpr).

---
Insecure Use of Dangerous Function (26)

| Severity | Details | Docs |
| :-: | :-- | :-: |
| Critical | Title: **OS execution function with user input**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/private/scripts/wp-site-import.php#L8 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_use_of_dangerous_function.html?utm_source=ghpr#exec-use-gr) |
| Critical | Title: **OS execution function with user input**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/private/scripts/wp-site-install.php#L10 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_use_of_dangerous_function.html?utm_source=ghpr#exec-use-gr) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/framework/extensions/newsletter-subscribe/admin-static/bundle/main.js#L1 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/static/bundle/sticky.js#L1 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/static/js/frontend/sticky.js#L266 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/blocksy-companion/static/js/helpers/useActivationAction.js#L109 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/bundle/142.52ae544efaeaa302199b.js#L1 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/bundle/308.b59318afcbb9e19a1fa6.js#L2 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/bundle/321.3a60ac255380431c2284.js#L1 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/bundle/36.870e0c3aa08c92b9f4dc.js#L1 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/bundle/38.4d46d7a7deb5d9fd6412.js#L1 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/customizer/controls.js#L61 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/customizer/options/widget-area/LegacyWidgetArea.js#L125 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/customizer/sync/woocommerce/archive-product.js#L53 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/dynamic-chunks.js#L310 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/editor/sync.js#L95 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/frontend/header/menu.js#L315 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/frontend/layouts/infinite-scroll.js#L57 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/frontend/lazy/overlay.js#L203 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/frontend/woocommerce/main.js#L120 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/frontend/woocommerce/mini-cart.js#L49 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/frontend/woocommerce/single-product-gallery.js#L99 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/helpers.js#L103 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/main.js#L236 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options/options/ct-select.js#L255 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |
| Medium | Title: **Dynamic evaluation of untrusted input (Frontend)**<br>https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/blocksy/static/js/options.js#L20 | [:books:](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr#javascript.lang.eval-dom-frontend) |

More info on how to fix Insecure Use of Dangerous Function in [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/insecure_use_of_dangerous_function.html?utm_source=ghpr) and [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/insecure_use_of_dangerous_function.html?utm_source=ghpr).

---
Vulnerable Libraries (19)

| Severity | Details |
| :-: | :-- |
| Critical | [pkg:npm/wpcheck@1.2.0](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wp-npm/package.json#L13) upgrade to: *> 1.2.0* |
| Critical | [pkg:npm/wpsec@2.0.0](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wp-npm/package.json#L14) upgrade to: *> 2.0.0* |
| High | [pkg:gem/wpscan@3.8.7](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wp-rvm/Gemfile.lock#L46) upgrade to: *> 3.8.7* |
| High | [pkg:pypi/certifi@2019.3.9](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wpbullet/Pipfile.lock#L19) upgrade to: *2022.12.07* |
| Medium | [pkg:pypi/requests@2.21.0](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wpbullet/Pipfile.lock#L51) upgrade to: *2.31.0* |
| Medium | [pkg:pypi/urllib3@1.24.2](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wpbullet/Pipfile.lock#L73) upgrade to: *2.0.7,1.26.18* |
| High | [pkg:pypi/certifi@2019.3.9](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wpbullet/requirements.txt#L1) upgrade to: *2022.12.07* |
| Medium | [pkg:pypi/requests@2.21.0](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wpbullet/requirements.txt#L5) upgrade to: *2.31.0* |
| Medium | [pkg:pypi/urllib3@1.24.2](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/.github/security/wpbullet/requirements.txt#L8) upgrade to: *2.0.7,1.26.18* |
| Medium | [pkg:composer/enshrined/svg-sanitize@0.15.4](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/ocean-extra/includes/themepanel/includes/libs/composer.lock#L9) upgrade to: *0.16.0* |
| High | [chart.js@2.7.2](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/wpforms-lite/assets/lib/chart.min.js) upgrade to: *>2.9.4* |
| High | [moment.js@2.22.2](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/wpforms-lite/assets/lib/moment/moment-with-locales.min.js) upgrade to: *>2.29.4* |
| High | [moment.js@2.22.2](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/wpforms-lite/assets/lib/moment/moment.min.js) upgrade to: *>2.29.4* |
| Medium | [select2@4.0.6-rc.1](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/oceanwp/inc/customizer/controls/select2.js) upgrade to: *>4.0.6* |
| Medium | [select2@4.0.6-rc.1](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/themes/oceanwp/inc/customizer/controls/select2.min.js) upgrade to: *>4.0.6* |
| Medium | [select2@4.0.3](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/ocean-extra/includes/metabox/butterbean/js/select2.js) upgrade to: *>4.0.6* |
| Medium | [select2@4.0.3](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/ocean-extra/includes/metabox/controls/assets/js/select2.full.js) upgrade to: *>4.0.6* |
| Medium | [select2@4.0.3](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/ocean-extra/includes/metabox/controls/assets/js/select2.js) upgrade to: *>4.0.6* |
| Medium | [select2@4.0.3](https://github.com/pantheon-systems/WordPress/blob/52d0e628ffa9237cee488998442082c1a0de23fa/wp-content/plugins/ocean-extra/includes/metabox/controls/assets/js/select2.min.js) upgrade to: *>4.0.6* |

More info on how to fix Vulnerable Libraries in [JavaScript](https://docs.guardrails.io/docs/en/vulnerabilities/javascript/using_vulnerable_libraries.html?utm_source=ghpr), [Ruby](https://docs.guardrails.io/docs/en/vulnerabilities/ruby/using_vulnerable_libraries.html?utm_source=ghpr), [Python](https://docs.guardrails.io/docs/en/vulnerabilities/python/using_vulnerable_libraries.html?utm_source=ghpr) and [PHP](https://docs.guardrails.io/docs/en/vulnerabilities/php/using_vulnerable_libraries.html?utm_source=ghpr).
