• Resolved Emielb

    (@emielb)


    Hi,

    For some weeks now, we have repeatedly received security vulnerability alerts for the plugin wpDataTables. As explained by the plugin author (topic), this vulnerability only concerned the Premium version and has been patched since version 6.3.2.

    The free version, which I have, shouldn’t get these alerts, as it has never been affected by this vulnerability. Even if I ignore the alerts, I get a new alert each time the free version is updated, because it currently is at version 3.4.2.18 (< 6.3.2).

    Is this a bug in Wordfence, which doesn’t detect the difference between the free and paid versions, or should the author have gone for two different plugin slugs, for example?

    Is there a way to ignore a specific vulnerability, regardless of the plugin version?

    Thank you!


Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @emielb, thanks for highlighting this.

    Unfortunately, the reason why this keeps getting flagged is down to the premium and free versions sharing the same slug. The solution from the developer’s side would be to give the premium version a distinct slug or bring their version numbers in line with each other.

    I will let our Threat Intelligence team know about the issue, just in case there is a safe range of premium versions that don’t include the vulnerability, potentially excluding the current in-use free version numbers. However, I can’t guarantee that will turn out to be a suitable solution.

    Many thanks,
    Peter.

    Thread Starter Emielb

    (@emielb)

    Hi @wfpeter,

    Thanks for your reply! I’ll let the plugin author know.

    As far as I know it’s not possible to do that today, but a more general solution for these cases would be to be able to ignore a specific alert (based on its CVE). Maybe that involves risks I’m not thinking about, but it would be very practical in any case.
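
The false positive discussed in this thread, as an added example that is not part of the original posts and is not Wordfence's code: a scanner that keys vulnerability records on slug plus a "patched in" version flags the free build, because 3.4.2.18 compares lower than 6.3.2. The `edition` field, the `ignored_ids` set, the slug string, the vulnerability ID and the extra version numbers are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

def parse_version(v):
    """'3.4.2.18' -> (3, 4, 2, 18), so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))

@dataclass(frozen=True)
class VulnRecord:
    vuln_id: str                   # constructed placeholder, not a real CVE
    slug: str
    patched_in: str                # first version that contains the fix
    edition: Optional[str] = None  # hypothetical field; None = any edition

@dataclass(frozen=True)
class Installed:
    slug: str
    version: str
    edition: str

def findings(plugin, feed, ignored_ids=frozenset()):
    """Return the IDs of feed records that flag the installed plugin."""
    hits = []
    for rec in feed:
        if rec.slug != plugin.slug:
            continue
        if rec.edition is not None and rec.edition != plugin.edition:
            continue  # record is scoped to another edition of the same slug
        if rec.vuln_id in ignored_ids:
            continue  # suppression keyed on the vulnerability, not the version
        if parse_version(plugin.version) < parse_version(rec.patched_in):
            hits.append(rec.vuln_id)
    return hits

# Constructed sample data. The slug string is an assumption.
SLUG = "wpdatatables"
VULN = "VULN-PLACEHOLDER-1"
SLUG_ONLY_FEED = [VulnRecord(VULN, SLUG, "6.3.2")]
EDITION_FEED = [VulnRecord(VULN, SLUG, "6.3.2", edition="premium")]

FREE = Installed(SLUG, "3.4.2.18", "free")
FREE_NEXT = Installed(SLUG, "3.4.2.19", "free")    # constructed later free release
PREMIUM_OLD = Installed(SLUG, "6.3.1", "premium")  # constructed unpatched premium

if __name__ == "__main__":
    print(findings(FREE, SLUG_ONLY_FEED))               # free build is flagged
    print(findings(FREE, EDITION_FEED))                 # edition-scoped record skips it
    print(findings(FREE_NEXT, SLUG_ONLY_FEED, {VULN}))  # ID-based ignore survives update
    print(findings(PREMIUM_OLD, EDITION_FEED))          # unpatched premium still flagged
```

Suppressing by vulnerability ID also hides the finding on a site that later installs an affected premium build under the same slug, which the edition-scoped record avoids.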
