False Security Threats

Hi @sjonespl16

Could you please post your site URL here so that we can have a look?

If you want it to remain private, you can also contact us via this contact form:

https://jetpack.com/contact-support/?rel=support&hpi=1

If you choose to reach out directly, please include a link to this thread.

Thanks!

URL is https://ngpl.ca/

I have not reached out directly because I read that support is reserved for those who have paid accounts and we are only using the free version. I have gone into the css files to locate the identified threat and deal with it as suggested by others but it doesn’t exist in the code. Now something very weird has happened, I just logged in and its no longer showing though it’s been there for months.

Nevermind it’s back.

Hi @sjonespl16

Thanks for following up to share your website. We’re happy to help resolve the issue and it would be helpful to have some additional information about the threat you’ve encountered. Can you share a screenshot along with any other relevant information so we can advise further?

You can create screenshots using something like Snipboard: https://snipboard.io/ or Imgur: https://imgur.com and post the link in a reply here.

Thanks Bruce. Below is a screenshot. Lately I am finding that sometimes it is there and other times it is not.

I have followed all the links, from the protect overview page and follow more links to eventually end up on the ThemeRex page (https://themerex.net/wp/themerex-addons-vulnerability-fixed/) where they indicate that they have fixed the issue and instructions on how to see if a site is fixed or how to remove the affected code ourselves. I have followed all instructions and the code does not exist in our files so not sure why Jetpack Protect keeps insisting there is a threat.

Hello @sjonespl16 !

I am on the Protect / Scan team at Automattic. Thank you for the details you’ve shared regarding your situation. After evaluating, we have updated the vulnerability information to now reflect that it is fixed in versions 1.70.3.1 and greater.

If your theme is using a version of the plugin that is greater than 1.70.3.1, then the threat notification should go away. The vulnerability was also patched on select older versions. Allowing for time to reflect the change, please let us know if the notification has been cleared. Otherwise, we can look into adding the specific fixed version or otherwise removing the notification for you.

• This reply was modified 1 year, 1 month ago by Jared.

Hello @sjonespl16

It’s been one week since this topic was last updated. I’m going to mark this thread as solved. If you have any further questions or need more help, you’re welcome to open another thread here. Cheers!

Hi there,

Sorry! I have been meaning to respond. I checked as soon as Jared had said that it was fixed but it was still there so I left it a few days. I logged in this morning and it wasn’t there but as soon as I updated some plugins it came back.

Thank you for following up @sjonespl16 !

It sounds like the specific version of ThemeREX you’re using was a patched one but earlier than 1.70.3.1. I will look into adding the previously patched specific version for you and we’ll see if that resolves the situation. I will update here again once that’s ready.