Replies: 1
Hello!
I have a situation where a site is infected with malware.
The scanner returns two results a “high” and a “critical”
https://paste.pics/Q9TQV (edited for clarity)
The “critical” issue is a reported vulnerability in a widely used plugin. This poses a risk of getting malware or hacked.
The “high” issue is an system file, modified with a malware script that loads in a third party hostile javascript.
Why is the risk marked “critical” while the actual infection marked “high” ?
This means I have to change my settings to get alerts at level “high” as this apparently needs acute and immediate attention, something I thought was reserved for critical issues.
In short, why are modified core files not automatically marked “critical” ?
Can you comment?