• I3UK

    (@i3uk)


    Hi there, what about the message?

    wpDataTables < 3.4.1 – Unauthenticated SQL Injection
    wpDataTables < 3.4.2 – Improper Access Control leading to Table Permission Takeover
    wpDataTables < 3.4.2 – Improper Access Control leading to Table Data Deletion
    wpDataTables < 3.4.2 – Blind SQL Injection via start Parameter
    wpDataTables < 3.4.2 – Blind SQL Injection via length Parameter

    I’m using the 2.1.44 free version but I’m receiving these iThemes warnings.
    Thank you if you let me know.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author wpDataTables

    (@wpdatatables)

    Hello,
    The vulnerability was found in the full version of wpDataTables v3.4.1, so all premium versions before that can be affected.

    Lite version does not have these functionalities (such as SQL based tables), so Lite version was never affected.
    Those reports are not related to the Lite version, but they can be reported in the lite version because the resources where this information about themes or plugins vulnerabilities are stored are generated by the theme or the plugin slug. Those slugs are the same in both lite and the full version, and because of that, you get those notifications.

    The important thing is that there’s nothing to worry about. Newer versions of the wpDataTables premium don’t have these issues (the latest one is 4.5), and Lite versions never did.

    Kind regards.

    wilcochris

    (@wilcochris)

    Hi @wpdatatables, is there anything that can be done to suppress these messages, as it is causing issues on the site health status and shows that site performance is bad because of these vulnerabilities that don’t affect the version of the plugin we have? Thanks

    Plugin Author wpDataTables

    (@wpdatatables)

    Hey @wilcochris, thank you for reaching out to us.

    Unfortunately, there’s nothing we can currently do about this.

    Both wpDataTables Full and wpDataTables Lite have the same slug ‘wpdatatables’, so this is why it’s being flagged as a false positive.

    The health check sees the Lite version you have installed (which is currently 2.1.44), and since it’s lower than the reported version (3.4.2 – wpDataTables Full), it will flag it as a threat.

    Only when the Lite version goes above v3.4.2 will it no longer appear in these reports.

    Kind regards.

  • The topic ‘Danger warning’ is closed to new replies.
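
The slug-only matching described in the replies above, as an added example that is not part of the thread and not any scanner's actual code: it shows why Lite 2.1.44 collects all five advisories, and how a triage step separates them from real findings. The `edition` field and all function names are hypothetical; the advisory titles and versions are the ones quoted in the thread.

```python
# Constructed advisory feed: titles and "fixed in" versions are the ones quoted
# in the thread. The "edition" field is hypothetical; per the thread, the
# advisory data is keyed on the plugin slug alone.
ADVISORIES = [
    {"slug": "wpdatatables", "edition": "full", "fixed_in": "3.4.1",
     "title": "Unauthenticated SQL Injection"},
    {"slug": "wpdatatables", "edition": "full", "fixed_in": "3.4.2",
     "title": "Improper Access Control leading to Table Permission Takeover"},
    {"slug": "wpdatatables", "edition": "full", "fixed_in": "3.4.2",
     "title": "Improper Access Control leading to Table Data Deletion"},
    {"slug": "wpdatatables", "edition": "full", "fixed_in": "3.4.2",
     "title": "Blind SQL Injection via start Parameter"},
    {"slug": "wpdatatables", "edition": "full", "fixed_in": "3.4.2",
     "title": "Blind SQL Injection via length Parameter"},
]

def version_key(version, width=4):
    """Turn '2.1.44' into (2, 1, 44, 0) so '4.5' and '3.4.2' compare numerically."""
    parts = [int(p) for p in version.split(".")]
    return tuple(parts + [0] * (width - len(parts)))

def match_by_slug(plugin):
    """Slug-only matching as described in the thread: same slug, lower version."""
    return [a for a in ADVISORIES
            if a["slug"] == plugin["slug"]
            and version_key(plugin["version"]) < version_key(a["fixed_in"])]

def triage(plugin):
    """Split slug matches into findings for the installed edition and false positives."""
    confirmed, false_positive = [], []
    for adv in match_by_slug(plugin):
        (confirmed if adv["edition"] == plugin["edition"] else false_positive).append(adv)
    return confirmed, false_positive

# Constructed inventory entries; "edition" would come from the site owner's records.
LITE = {"slug": "wpdatatables", "edition": "lite", "version": "2.1.44"}
FULL_OLD = {"slug": "wpdatatables", "edition": "full", "version": "3.4.1"}
FULL_NEW = {"slug": "wpdatatables", "edition": "full", "version": "4.5"}

if __name__ == "__main__":
    for name, plugin in [("lite 2.1.44", LITE), ("full 3.4.1", FULL_OLD),
                         ("full 4.5", FULL_NEW)]:
        confirmed, false_positive = triage(plugin)
        print(f"{name}: slug matches={len(match_by_slug(plugin))} "
              f"confirmed={len(confirmed)} false positives={len(false_positive)}")
```

Recording the false positives separately, rather than discarding them, keeps an audit trail of why each scanner warning was dismissed.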