• Resolved peopleinside

    (@peopleinside)


    Hi, recently Wordfence alerted me about dangerous code in a plugin.

    The issue reported by Wordfence looks very severe: critical, with the risk of a takeover of the website.

    I contacted the plugin developer and sent the screenshot and details of the report. The plugin developer told me it’s a false positive, but the reported string was and is really present in the plugin code.

    The developer also told me they had a conversation with Wordfence (I don’t know when) and you also said the issue can be ignored.

    Where can I report this issue to you to get it fixed in Wordfence or, if it is not a false positive, by that plugin developer?

    For now I removed that extension because I no longer feel secure with it, but if it really is a false positive, Wordfence should not report these strings as a security issue in that plugin.

    Can I contact you with details in private in some way, or is this not possible with the free plugin? You should allow private messages for security reports. I cannot share more details here to understand if the issue is from Wordfence or from that plugin.

    Thank you!

Viewing 1 replies (of 1 total)
  • Thread Starter peopleinside

    (@peopleinside)

    I have now been informed that this issue has been reported directly by the plugin developer to you in a public discussion here. Well, I have to email the team just to know if this is a real false positive and so if I can reinstall the plugin that I removed due to your report.

    I am marking this as solved as the issue has already been reported to you. I will get in touch with your security team by email to get more details about that.
