Hello,
We apologize for the issue you are facing with the vulnerabilities reported by your SAST tool. It’s important to address these concerns to ensure the security of your website.
While we cannot directly analyze the Excel spreadsheet you provided, we recommend reviewing the specific vulnerabilities listed in your report. If they pertain to Rank Math or any of its dependencies, we suggest checking for updates or patches that may resolve these issues.
Additionally, you can refer to our documentation on securing your website and plugins, which may provide further insights on how to mitigate these vulnerabilities: Secure Your Website.
If you have further questions or need assistance, please reply to this ticket, and a human agent from the Rank Math Support team will take over and assist you further.
Thank you for raising this concern!
Quick update: my data filter seems to not have worked properly on the Excel file. There is a Status column, and any reported items with a status of “resolved” can be ignored; those were fixed by updating the plugin.
Hello,
Thank you for the update.
If the reported vulnerabilities with a status of “resolved” were fixed by updating the plugin, it sounds like you’re on the right track. For any remaining items flagged by your SAST tool, feel free to share specific details, and we can investigate further to ensure everything is secure.
Hope that helps, and please do not hesitate to let us know if you need our assistance with anything else.
Sorry if I wasn’t clear. The spreadsheet I sent still has many vulnerabilities with a status of “detected”, but a couple of items with a status of “resolved”. I had meant to filter out the resolved ones before I sent over the list, but updating the plugin didn’t resolve them all. You can just ignore any in the provided spreadsheet that are of status “resolved”. I believe 8 of the 44 in the report are already resolved by the plugin update.
Hello,
We have shared this with our development team.
We should get back to you once we have an update from them.
Thank you so much for bringing this to our attention.
Hello,
Thank you for sharing this list. We’ve thoroughly checked each of the flagged vulnerabilities, and I’m happy to report that there’s no real threat to worry about.
These types of automated scans tend to generate quite a few false positives, and that seems to be the case here. Everything is secure, but we really appreciate you bringing this to our attention.
Feel free to reach out if you have any more questions.
Hello,
Since we did not hear back from you for 15 days, we are assuming that you found the solution. We are closing this support ticket.
If you still need assistance or any other help, please feel free to open a new support ticket, and we will be more than happy to assist.
Thank you.