Resolving a bugged CVSS in WP Toolkit - RESOLVED
So I reached out to Wordfence, as they provided the original CVSS testing, and the WP plugin vulnerability has since been resolved.
In Wordfence's program the plugin shows as fixed/patched. But in WP Toolkit it does not.
Wordfence says it's an issue with WP Toolkit and a bug in how it reads the version of the plugin, and to reach out to cPanel as they can't fix it on their end. cPanel says they don't do support any more, and they sent me to my VPS supplier, who says to talk to WordPress... Does anyone know who actually manages the Wordfence implementation in WP Toolkit within cPanel so I can reach out to them with a critical bug in how a plugin shows as vulnerable but is in fact fixed?
-
Hey there! If you can get me details on how I can reproduce the issue I'd be happy to file the report on my end, although I would have expected your hosting provider to take care of this for you.
0 -
I'm still waiting to get a hold of my hosting provider, but I don't know if they would care to reach out to WP or cPanel, as Wordfence has specifically said the issue is within the way WP Toolkit reads the plugin version.
Anyhow, to reproduce it's super easy: install a brand new WP site via WP Toolkit *latest versions*. Install the latest plugin version of ThemeREX Addons *mine is 1.71.40.9* and you will immediately get a CVSS 9.8 warning in WP Toolkit, referring to an old, old version 1.60.x, but Wordfence had all later versions of this plugin set as patched.
Quoting Wordfence:
"Thanks for sending that over. It looks like Plesk is incorrectly reporting this issue, which means their
version detection may have a bug and is incorrectly reporting the issue as unpatched. I recommend
reaching out to them for a resolution, as there is nothing we can do on our end since our data indicates
the vulnerability is patched.
Thanks and have a great day!
Wordfence Threat Intelligence Lead"
They said Plesk thinking I was on Plesk, but I'm on cPanel *latest version of course*.
0 -
The direct links to the patched Wordfence site, in case it helps:
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/trx_addons
0 -
Thanks for that! I've reached out to the WP Toolkit team and I'll see if I can get more details from them about this issue. I'll be sure to post an update once I have one.
0 -
Wow cPRex, thank you! I really appreciate it.
0 -
I heard back from the WP Toolkit team and they are looking into this internally and they will also be contacting Wordfence if necessary to get this resolved. If I hear anything on my end I'll be sure to post an update!
0 -
WOW, thank you, I was not expecting such help via forum, really great, thanks cPRex. Plus it's not even my plugin, but the devs from ThemeRex were unsure how to resolve it, and I hate having a little red "vulnerable" in my Toolbox screen hehe, I'm a bit OCD.
0 -
You're very welcome! I can't say for sure when or how quickly this will get resolved, but at least the team is looking at it at this point.
0 -
Good morning cPRex, is there some update/anything I can do to help this along? I was just doing an audit of to-do security stuff and of course this popped into my head hehe.
0 -
I reached out to the WP Toolkit team and they did confirm they are working with Wordfence at this time. I don't have any more specifics, but it seems things are happening behind the scenes!
1 -
cPRex, you're the man! That did it. Today I checked and the bugged CVSS has been removed. It's fixed :)
0 -
You're very welcome!
0