Incorrect plugin matching

  • Resolved Mikko Saari

    (@msaari)


    2 years, 2 months ago

    Jetpack Protect has problems telling apart plugins. I ran the scan on a site that has the following plugins:

    – Relevanssi Premium 2.19.1
    – Relevanssi Premium Snowball Stemmer 1.4

    According to Jetpack Protect, both these plugins have multiple vulnerabilities. However, these are all false positives: they are old vulnerabilities for the free version of Relevanssi. Relevanssi Premium has had vulnerabilities of its own, but all have been fixed. Relevanssi Premium Snowball Stemmer has never had any vulnerabilities.

    I tried scanning with WPScan, and WPScan does not do the same. It can tell the different plugins apart and doesn’t blame Relevanssi Premium for vulnerabilities in old versions of Relevanssi.

    See screenshots:

    Jetpack Protect: https://www.dropbox.com/s/8xlruy466alu3ht/jetpack-protect-false-positives.png?dl=0.
    WPScan: https://www.dropbox.com/s/p75vp60yrt0sy9p/wpscan.png?dl=0.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support Dan (a11n)

    (@drawmyface)

    Thanks for reporting this! I’ve passed this on to our developers and we’ll get back to you when we have an update.

    Plugin Support Dan (a11n)

    (@drawmyface)

    Hi Mikko

    It’s difficult for us to confirm this without access to the premium plugins. Am I right in thinking you are the developer of these plugins? If so, would you be able to provide our developers with access to the plugins so they can verify the issue?

    Could you contact us via this contact form and mention this thread?

    Thanks!

    Thread Starter Mikko Saari

    (@msaari)

    Thanks, I did that.

    Plugin Support MadHatter (a11n)

    (@madhattersez)

    Much appreciated!

    We’ll go ahead and close this thread out for now and assist you on the ticket.

    Have a great rest of the week.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Incorrect plugin matching’ is closed to new replies.