Vulnerability report linked to different plugin

  • Resolved alertergroup

    (@alertergroup)


    6 months, 2 weeks ago

    We have installed the Plugin “GDPR Cookie Consent” by WebToffee. https://www.webtoffee.com/product/gdpr-cookie-consent/ Version 2.5.9. CleanTalk is generating the following warning for this plugin: “This version contains a known vulnerability CVE-2024-3599. Updating the plugin to a version higher than 3.1.0 is strongly recommended. Full report is?here?Have questions? Ask us?here“.

    The WebToffee team advises that this looks like a false positive because the vulnerability report is for a different plug. Please see message from WebToffee team below:

    “We can see that you are using the Cleantalk plugin to check for vulnerabilities on your site, and we truly appreciate your efforts in keeping your site safe. We want to reassure you that there are currently no vulnerabilities in our plugin. The vulnerability alert shown in the banner is for “WP Cookie Consent (for GDPR, CCPA, and ePrivacy) by WPEkaClub, not our plugin “GDPR Cookie Consent Plugin (CCPA Ready)” by WebToffee.
    ?
    The message you are receiving might be due to a glitch in the Cleantalk plugin. If you click on the vulnerability report link generated by the plugin, you can see that the report is for “WP Cookie Consent (for GDPR, CCPA, and ePrivacy)” by WPEkaClub. Additionally, you may contact the Cleantalk plugin team regarding this.”

    Please can you advise next steps and whether our installed plugin contains vulnerabilities or not.

    The page I need help with: [log in to see the link]

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support sergecleantalk

    (@sergecleantalk)

    Hello,

    We will investigate this and inform you within 1-3 business days.

    Plugin Support katereji

    (@katereji)

    Hello.
    We have fixed the issue. Please, check the result and let us know if you need further assistance.

    Plugin Support SergeM

    (@serge00)

    We haven’t received your reply in a few days, so I’m going to mark this topic as “resolved”.
    If you have any further questions, you can start a new topic anytime.

    Thread Starter alertergroup

    (@alertergroup)

    Good afternoon. We have updated the WebToffee plugin to version 2.6.0 and are receiving a similar vulnerability report again:

    “This version contains a known vulnerability CVE-2024-3599. Updating the plugin to a version higher than 3.1.0 is strongly recommended. The full report is?here. Have questions? Ask us?here.”

    As before Please can you advise next steps and whether our installed plugin contains vulnerabilities or not.

    Thank you

    Plugin Support amagsumov

    (@amagsumov)

    Hello @alertergroup,

    Thank you for the information.

    I’ve passed your details to the programmer staff.

    We will write back to you within 3 business days when we get any results.

    Please wait.

    Plugin Support dimitrycleantalk

    (@dimitrycleantalk)

    Hello @alertergroup,

    This is a false notification, there is no vulnerability in your plugin. But unfortunately, we need more time to fix this issue.

    We’ll contact you as soon as we have any results.

    We are sorry for the inconvenience caused.

    Plugin Support dimitrycleantalk

    (@dimitrycleantalk)

    Hello @alertergroup,

    We’ve fixed this issue. You can find the new version here: https://github.com/CleanTalk/security-malware-firewall/releases/download/fix-version/security-malware-firewall.zip

    Could you please install this version and recheck this issue?

    Did it help?

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.