Problem blocking my site because of HTML: Iframe-inf
hxtps://tv.myegy.cam/
The problem only appears inside the articles
Please help me to solve this problem
Problem blocking my site because of HTML: Iframe-inf
hxtps://tv.myegy.cam/
The problem only appears inside the articles
Please help me to solve this problem
Hi Gado Mix,
Outdated Plug-in software: WordPress Plugins
The following plugins were detected by reading the HTML source of the WordPress sites front page.
jetpack 7.2 latest release (8.0)
https://jetpack.com
menu-icons latest release (0.12.2)
https://github.com/
Plugins are a source of many security vulnerabilities within WordPress installations, always keep them updated to the latest version available and check the developers plugin page for information about security related updates and fixes.
Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Also Fortinet & Netcraft flag it: https://www.virustotal.com/gui/url/c58cb1839c2e44436db73f9cfc1ca97d2a84e896948794ed6209d28fa91af99f/detection
See recommendations found through linting: https://webhint.io/scanner/635fcb31-1bb0-4a99-8521-714029c8ac06
Retire.js issues: Retire.js
jquery 1.12.4 Found in -https://tv.myegy.cam/wp-content/themes/myegy.cam/Interface/js/jquery.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
jquery 1.12.4 Found in -https://tv.myegy.cam/wp-includes/js/jquery/jquery.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251 1234
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers 123
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution
JavaScript errors detected: File not found: -http://platform.twitter.com/widgets.js
File not found: -/wp-content/themes/myegy.cam/Interface/css/jquery-accordion-menu.css
TypeError: $ is not a function
-/wp-content/themes/myegy.cam/Interface/js/ajax-login-script.js:1
TypeError: Cannot read property ‘addEventListener’ of undefined
-/watch/%d9%85%d8%b5%d8%a7%d8%b1%d8%b9%d8%a9/:1523
-/watch/%d9%85%d8%b5%d8%a7%d8%b1%d8%b9%d8%a9/:1514
Also check DOM_XSS issues here: Results from scanning URL: -//deloplen.com/apu.php?zoneid=2786745
Number of sources found: 35 (input that can eventually be controlled)
Number of sinks found: 12 (methods to achieve that)
(This is what adblockers block and probably at the core of your problems).
Wait for an avast team member to give a final verdict, take care the JavaScript adware malcode has been cleansed.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Detection has not been seen and what have happened is that the articles contain ad links and redirected to a known page where there was HTML: Iframe-inf
Access the log WebShield.txt located in the folder.
Click on Start Menu and find Run
C:\ProgramData\AVAST Software\Avast\report
Enter and press the OK button.
@3arbcloud,
Remove live links, else your posting could be considered as spam.
What is the problem? This as the website is neither being blacklisted nor blocked?
polonus