vulnerable software discovered

Hi,

I don’t see anything in that CVE related to Advanced Google reCAPTCHA. That CVE reffers to an issue in some other plugins by Bestwebsoft due to a common function they use in all their plugins ( https://nvd.nist.gov/vuln/detail/CVE-2017-2171#range-11666250 ) Do they provide any other details in that message?

Thank you for your reply,

I do not have any plugins by Bestwebsoft installed.

Here’s the complete message:

Dear Administrator,

This message is to provide you important information regarding web server security. Please note that the following software in your environment is considered to be outdated or vulnerable:

• advanced-google-recaptcha version 1.22 that is located at /home/homemadecircuits/public_html has vulnerability(s):
  • CVE-2017-2171

Please do the following:

• Option 1: Make sure WordPress administrator(s) responsible install the necessary updates.
• Option 2: Upgrade from ImunifyAV to Imunify360 to cut down the risks that come with outdated software.

If you have any questions, please contact our support team.

All the best,
Imunify360 Security Team

• This reply was modified 4 months ago by swagatam1975.

It seems Immunify360 has some issue identifying WordPress plugin vulnerabilities ( see last reply from Immunify here https://forum.cloudlinux.com/forum/imunify360/general-discussion-ab/39490-notice-of-vulnerabilities-from-imunify360-for-woocommerce-on-cpanel ) so I guess it’s a false positive ??

OK, got it!

Thanks very much for the clarification!