TECHZEN Zenoss User Community ARCHIVE  
FORUMS / Configuration & Administration / DISCUSSION

Disable Wordpress DZS video gallery

Subject: Disable Wordpress DZS video gallery
Author: Tyler Harbolt
Posted: 2021-10-04 11:04

The Wordpress DZS video gallery has multiple vulnerabilities. I'm guessing this is used in some sort of monitoring templates or something. I could only find references to wordpress in things like /var/lib/docker/devicemapper/mnt/6a1485353ca2485d375d3237a477d2e6922454419c6a3feca2aeed8eaedc1870/rootfs/usr/share/nmap/scripts/http-wordpress-plugins.nse (in multiple strings of mnt/***). I'm having trouble locating any wordpress related templates. Maybe it's just used elsewhere in the dashboard or something? Either way, I need to disable this plugin for security reasons and any help would be appreciated.

------------------------------
Tyler Harbolt
Admin
------------------------------

Subject: RE: Disable Wordpress DZS video gallery
Author: Michael Rogers
Posted: 2021-10-05 12:57

Tyler,

I don't think the files you found are part of WordPress itself.

I did some digging and that file (along with the other .nse files in that directory) is a script used by the Nmap Scripting Engine.

If that file was flagged as "Wordpress DZS video gallery" by a vulnerability scanner, we're likely seeing a false positive.  As nmap is a fairly common tool across the *nix landscape, it may be worth reporting this to the author of the scanner.

------------------------------
Michael J. Rogers
Senior Instructor - Zenoss
Austin TX
------------------------------

Subject: RE: Disable Wordpress DZS video gallery
Author: Tyler Harbolt
Posted: 2021-10-08 08:25

Thanks, that makes sense considering I couldn't find the actual plug-in. I'll pass it on to our security team.

------------------------------
Tyler Harbolt
Admin
Tigerpoly
------------------------------


< Previous
Zenoss 6 Graph Consolidation MAX issue 		  Next
Use Zenoss to Monitor Office 365 Service Health 		>