Immediate Update Needed for WordPress Security (wrong version detection)
Hi all, sorry if this is in the wrong category, but I just received an e-mail from multiple (WHM/cPanel) servers saying:
Dear Administrator,
We've detected vulnerabilities in your WordPress setup requiring urgent action:
WordPress 3.17.3 /home/*snip*
WordPress 3.17.3 /home/*snip*
WordPress 3.17.3 /home/*snip*
WordPress 1.114.0 /home/*snip*
WordPress 1 /home/*snip*
xx more items found.
Immediate steps to take:
Inform WordPress admin(s) to update immediately.
Upgrade to Imunify360 for comprehensive protection.
Questions? Our support team is here to help.
Best,
Imunify360 Team
Now, obviously there's something wrong with the scan. Even WordPress 1 from 2007 :D
All the above sites are 6.4.x, so...
Anyways, wanted to point this out, not sure if this is a cPanel issue, a WP issue, an Imunify360 campaign (just kidding) or something else, but here we go.
BR,
- Wallu
-
I do not believe that these are actual WordPress versions, but rather plugin versions.
Just take a look at the WordPress branch changelog information:
no release of WordPress ever goes above *.9
https://wordpress.org/download/releases/#branch-31
And WordPress 1.1 never existed; we jumped straight from 1.0 to 1.2.
Do you perchance have Elementor or Elementor pro installed in those listed directories?
https://raw.githubusercontent.com/elementor/elementor/main/changelog.txt
Because the version numbering is awfully similar to them.
1 -
Hi ITHKBO, yeah there are both Elementor and Pro on those sites.
Edit: I checked the sites, and 3.17.3 is indeed Elementor. 1.114.0 seems to be Site Kit by Google. So you were right, not WP versions.
Anyways, a confusing message to say the least, or at least not very informative.
0 -
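The check the posts above did by hand, attributing a reported version string to the installed component it belongs to, as an added example (not part of the thread and not cPanel, WP Toolkit or Imunify360 code). It assumes the standard WordPress layout (`wp-includes/version.php`, plugin header comments under `wp-content/plugins/`); the function names and the sample site, including core version 6.4.2, are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

CORE_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")
NAME_RE = re.compile(r"^[ \t/*#@]*Plugin Name:[ \t]*(.+?)\s*$", re.M | re.I)
VER_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\S+)", re.M | re.I)

def core_version(site: Path):
    """WordPress core version as recorded in wp-includes/version.php."""
    f = site / "wp-includes" / "version.php"
    m = CORE_RE.search(f.read_text(errors="replace")) if f.is_file() else None
    return m.group(1) if m else None

def plugin_versions(site: Path):
    """Map plugin name -> version, read from each plugin file's header comment."""
    found, plugins = {}, site / "wp-content" / "plugins"
    for php in sorted([*plugins.glob("*.php"), *plugins.glob("*/*.php")]):
        head = php.read_text(errors="replace")[:8192]  # WordPress reads only the first 8 KB
        name, ver = NAME_RE.search(head), VER_RE.search(head)
        if name and ver:
            found[name.group(1)] = ver.group(1)
    return found

def attribute(site: Path, reported: str):
    """Name the installed component a reported version string belongs to."""
    if reported == core_version(site):
        return "WordPress core"
    matches = [n for n, v in plugin_versions(site).items() if v == reported]
    return ", ".join(matches) if matches else "unknown"

def build_sample_site(root: Path):
    """Constructed fixture mirroring the thread: core 6.4.2 plus the two plugins."""
    hdr = "<?php\n/**\n * Plugin Name: {}\n * Version: {}\n */\n"
    files = {
        "wp-includes/version.php": "<?php\n$wp_version = '6.4.2';\n",
        "wp-content/plugins/elementor/elementor.php": hdr.format("Elementor", "3.17.3"),
        "wp-content/plugins/google-site-kit/google-site-kit.php": hdr.format("Site Kit by Google", "1.114.0"),
    }
    for rel, body in files.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        site = build_sample_site(Path(d))
        print({v: attribute(site, v) for v in ("3.17.3", "1.114.0", "6.4.2", "1")})
```

Against a real account, pass the site's document root to `attribute()` together with each version string from the e-mail.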
So is this the same message we've been getting in the past only made more urgent and formatted poorly?
0 -
Yeah, I don't know if this is new or replacing some.
I do know that I've been getting 2 reports:
1. Labeled as "Site vulnerabilities found", which is generated by WP Toolkit. It has plugin info and versions in it, and also the Vulnerability info.
2. Labeled as "Outdated or vulnerable software discovered", which (not sure) is Imunify related, and also has/had plugin and version info in it.
Now, maybe the new one, "Immediate Action Required: Security Vulnerabilities Detected" has replaced the latter, and just has less info in it :) ...I don't know.
0 -
Just looked at older reports, and what I just wrote might be the case.
Both the "Outdated or vulnerable software discovered" and "Immediate Action Required: Security Vulnerabilities Detected" have the "tag":
“Imunify::Generic”
So, it just might be that the report has been "updated" not to include relevant info and the topic has been changed. Just guessing here.
1