• Resolved pluginvulnerabilities

    (@pluginvulnerabilities)


    This plugin has a pretty serious issue; it doesn’t provide a warning when an installed plugin has a vulnerability that hasn’t been fixed. Those vulnerabilities are the most important to warn about since even if you are keeping your plugins up to date you would still be vulnerable to those.

    The issue is caused by the code that determines if the plugin is known to be vulnerable, which does that by comparing the version number of the version of the plugin in use against the version number that the vulnerability was fixed in. For vulnerabilities that haven’t been fixed, the fixed version number will be null and the plugin will be considered to not be known to be vulnerable.
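
The comparison described in the post above, sketched as an added example that is not part of the original post and is not the plugin's own code. It assumes the check is done with PHP's `version_compare()`; the function names and sample records are hypothetical and constructed. Only the third record, the unfixed one, is classified differently by the two checks.

```php
<?php
// Added example: hypothetical names; constructed sample data, not real advisories.

/** Flawed check as the post describes it: only the fixed-in version is compared. */
function is_vulnerable_flawed(string $installed, ?string $fixedIn): bool
{
    // A null fixed-in version becomes '' here; version_compare() ranks any
    // non-empty version above '', so "installed < fixed" is false.
    return version_compare($installed, (string) $fixedIn, '<');
}

/** Corrected check: no fixed-in version means every installed version is affected. */
function is_vulnerable_fixed(string $installed, ?string $fixedIn): bool
{
    if ($fixedIn === null || trim($fixedIn) === '') {
        return true; // unfixed: updating the plugin cannot clear this
    }
    return version_compare($installed, $fixedIn, '<');
}

// Constructed records: [plugin slug, installed version, fixed-in version or null]
$records = [
    ['example-gallery', '2.3.0', '2.3.1'], // fixed upstream, site is behind
    ['example-gallery', '2.3.1', '2.3.1'], // fixed upstream, site is patched
    ['example-forms',   '1.9.4', null],    // never fixed
];

foreach ($records as [$slug, $installed, $fixedIn]) {
    printf(
        "%-16s %-6s fixed_in=%-6s flawed=%-3s corrected=%s\n",
        $slug,
        $installed,
        $fixedIn ?? 'null',
        is_vulnerable_flawed($installed, $fixedIn) ? 'yes' : 'no',
        is_vulnerable_fixed($installed, $fixedIn) ? 'yes' : 'no'
    );
}
```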

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Doesn’t Warn About Unfixed Vulnerabilities’ is closed to new replies.