Skip to main content

Resolving a bugged CVSS in WP Toolkit - RESOLVED

Comments

12 comments

  • cPRex Jurassic Moderator

    Hey there!  If you can get me details on how I can reproduce the issue I'd be happy to file the report on my end, although I would have expected your hosting provider to take care of this for you.

    0
  • yari giordanengo

    i'm stil waiting to get a hold of my hosting provider.. but i don't know if they would care to reach out to WP or Cpanel as Wordfence has specifically said the issue is within the way WPToolkit reads the plugin version. 

    Anyhow to reproduce its super easy, install via WP Toolkit brand new WP site *lates versions*. Install latest Plugin version of ThemREX Addons *mine is 1.71.40.9* and you will imediatly get a CVSS 9.8 warning in WP Toolkit . Refering to an old old version 1.60.x  but Wordfence had all later versions of this plugin set as pached. 

     


    quoting wordfence:

    "Thanks for sending that over. It looks like Plesk is incorrectly reporting this issue, which means their
    version detection may have a bug and is incorrectly reporting the issue as unpatched. I recommend
    reaching out to them for a resolution, as there is nothing we can do on our end since our data indicates
    the vulnerability is patched.
    Thanks and have a great day!
    Wordfence Threat Intelligence Lead"

    they said plesk thinking i was on plesk but im on Cpanel *latest version of course*. 

    0
  • cPRex Jurassic Moderator

    Thanks for that!  I've reached out to the WP Toolkit team and I'll see if I can get more details from them about this issue.  I'll be sure to post an update once I have one.

    0
  • yari giordanengo

    wow cprex, thank you ! i realy apriciate it. 

    0
  • cPRex Jurassic Moderator

    I heard back from the WP Toolkit team and they are looking into this internally and they will also be contacting Wordfence if necessary to get this resolved.  If I hear anything on my end I'll be sure to post an update!

    0
  • yari giordanengo

    WOW thank you, i was not execting such help via forum, really great thanks cprex, plus its not even my plugin but the devs from ThemeRex was unsure how to resolve it but i hate having a little red "vunerable" in my Toolbox screen hehe im a bit ocd. 

    0
  • cPRex Jurassic Moderator

    You're very welcome!  I can't say for sure when or how quickly this will get resolved, but at least the team is looking at it at this point.

    0
  • yari giordanengo

    Good morning cPRex is there some update/anything i can do to help this allong? was just doing an audit of to do security stuff and of course this poped out in my head hehe. 

    0
  • cPRex Jurassic Moderator

    I reached out to the WP Toolkit team and they did confirm they are working with Wordfence at this time.  I don't have any more specifics, but it seems things are happening behind the scenes!

    1
  • yari giordanengo

    cPRex your the man ! that did it, today i checked and the bugged CSVV has been removed. its fixed :)

    0
  • cPRex Jurassic Moderator

    You're very welcome!

    0

Please sign in to leave a comment.