• Resolved thyran

    (@thyran)


    Having issues with WordFence scan reporting a false positive on a plugin vulnerability.

    See details from scan result and response from plugin support.

    Can we safely ignore this threat detection from WordFence?

    Plugin Name: Divi Torque Pro
    Current Plugin Version: 1.5.0
    Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Divi Torque Pro” until a patched version is available. Get more information.
    Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=plugin
    Vulnerability Severity: 6.3/10.0 (Medium)

    From: DiviEpic
    Sent: Thursday, May 23, 2024 3:34 AM
    To: Thyran Wright
    Subject: [#314] Bug Report: Divi Torque Pro

    Hello,

    If you visit this link: https://www.wordfence.com/threat-intel/vulnerabilities/detail/freemius-sdk-242-missing-authorization-checks, you can clearly see that the reported issue is about the Freemius SDK version < 2.4.2, which is the version that has the vulnerability. But if you debug our plugin codebase, you can easily find that the current Freemius SDK version is 2.7.2, screenshot: https://prnt.sc/hyDEpDzTUv37

    You can contact Wordfence and send the plugin file version 1.5.0 and let’s see their feedback.

    NOTE: The Freemius SDK is a set of tools that we integrate into our plugin to manage licensing, handle payments, and gather usage data. It helps us provide you with a seamless experience, including secure transactions, automatic updates, and access to premium features.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Support wfmargaret

    (@wfmargaret)

    Hi @thyran,

    Thank you for reaching out regarding a possible false positive! Since you confirmed that you are on Freemius SDK 2.7.2, you can safely ignore the scan result. You can ignore results in Wordfence > Scan by clicking Ignore next to the scan result in Results Found. If you ever want to stop ignoring the result, you can use Stop Ignoring under Ignored Results.

    Can you also send us the plugin slug used for Divi Torque Pro please? If you’re unsure where to locate this, you can send a diagnostic report to wftest @ wordfence . com and we can review. You can find the link to do so at the top of the Wordfence > Tools > Diagnostics page. Then click on “Send Report by Email”. Please add your forum username where indicated and respond here after you have sent it.

    NOTE: It should look as follows – Screenshot of Tools > Diagnostic > Send by Email

    Thanks,
    Margaret

    Thread Starter thyran

    (@thyran)

    Hi @wfmargaret

    Thank you for your response. Loving your plugin, thank you.

    I have replied to the email and sent the diagnostic report.

    Please see what can be done to stop this threat from being detected. I have the plugin installed on many of my clients’ sites and don’t want to have to ignore the issue on each one.

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @thyran,

    Thank you for following up with us and I’m happy to hear you’ve been enjoying Wordfence! When checking our API with the plugin slug, we don’t see any vulnerability results returned. We have a few things we’d like to try to determine what’s causing the result on your site.

    You have a drop-in caching plugin. Please try clearing your object cache to remove any bad cache records that may have led to the result. Once your cache is cleared, try running the scan.

    Does your child theme include any bundled copies of the free plugin? This is rare for a Divi child theme, but we have seen bundled plugins that are hidden from the plugin list in the past.

    If the above doesn’t help, please deactivate Divi Torque Pro temporarily and then run the scan. If the plugin hooks WordPress’s plugin API, the plugin may provide some data to the WordPress core that causes the scan result.

    If you want to send us a copy of the plugin ZIP, we’d be happy to take a look for you. You can email that to wftest @ wordfence . com. Include your forum username in the subject and respond here once you’ve sent it.

    Thanks,
    Margaret

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @thyran,

    I noticed you sent a response to us via wftest @ wordfence . com. This inbox isn’t monitored, so if you send information through this account in the future, please let me know here so that there isn’t a delay in getting back to you.

    Is it possible for you to upload the plugin file to a different service such as Dropbox or Google Drive and then send us a link to access it? If need be, you could upload the ZIP to your site briefly and we could download it there as well.

    Please send the link to the plugin file to wftest @ wordfence . com. Please include your forum username in the subject and respond here once you’ve sent it.

    Thanks,
    Margaret

    Plugin Support wfmargaret

    (@wfmargaret)

    Hey @thyran,

    I noticed you sent us another follow-up via email. I want to reiterate that this inbox isn’t monitored, so if you send information to this email in the future, please let me know here so there isn’t a delay in getting back to you.

    We tested the plugin files you sent and they weren’t detected during a Scan, so we’ll need to dig deeper into the cause. I really appreciate your cooperation in working through this.

    Please send us an export of the wp_wfissues table or the results of the query SELECT * FROM wp_wfissues; to wftest @ wordfence . com. Make sure to update the table prefix to the one used by your site. If you’re unsure what your table prefix is, please send us the diagnostics for the test site you configured and we can take a look.

    If you have WP-CLI on your hosting, we’d like to see what WordPress sees for the installed plugins and pending updates, which might help show if anything is unusual. If your test environment is using object-cache.php, please rename this temporarily first and run a new scan. Then run the command wp transient get 'update_plugins' --network and send us the output. Your host may be able to run this for you as well.

    Please let us know how it goes!

    Thanks,
    Margaret

    Thread Starter thyran

    (@thyran)

    Hi @wfmargaret

    Thank you for the response. I didn’t realise you had responded until checking this thread.

    I installed the plugin on another site today and noticed it is still being detected as a critical vulnerability…

    I have exported the table you required in SQL format and emailed it to the email address you specified.

    I have also renamed the file, ran the command in WP-CLI and included the output in the email I just sent.

    Let me know if you need anything else from me

    Thank you

    Plugin Support wfmargaret

    (@wfmargaret)

    Hi @thyran,

    Thank you for following up. We were able to replicate the scan result you were seeing with the additional information. Divi Torque Pro is reporting itself in the WordPress API with the slug “addons-for-divi”. You can see this from the output of the WP-CLI command you ran. The addons-for-divi slug is used by the free plugin, Divi Torque Lite.

    Typically, a plugin should report to the WordPress API using its own unique slug. In this case, we’d expect the plugin to use divitorque-pro. Please contact the plugin developer for clarification on why the slug in the API is using addons-for-divi instead of divitorque-pro. If this can be updated, it will prevent Divi Torque Pro from being detected as Divi Torque Lite.

    Thanks again for the assistance troubleshooting this and let me know if you have any questions!

    Thanks,
    Margaret

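A defender-side check for the mismatch Margaret describes, added here as an example and not code from the thread, from Wordfence or from the plugin vendor: it parses a constructed dump shaped like WordPress's update_plugins transient (the data the wp transient get command above prints) and flags every plugin whose reported slug is not its own plugin directory name, which is the condition that makes a slug-keyed vulnerability feed match the wrong plugin's advisories. The plugin file names, versions and the akismet entry are assumed sample values.

```python
import json

# Constructed sample mirroring the shape of WordPress's `update_plugins`
# transient: "response"/"no_update" map plugin file => entry with the slug
# the plugin reported to the WordPress API. Versions are made up.
SAMPLE_TRANSIENT = json.dumps({
    "last_checked": 1716440000,
    "checked": {
        "divitorque-pro/divitorque-pro.php": "1.5.0",
        "akismet/akismet.php": "5.3",
    },
    "response": {},
    "no_update": {
        "divitorque-pro/divitorque-pro.php": {
            "slug": "addons-for-divi",  # reported slug != directory name
            "plugin": "divitorque-pro/divitorque-pro.php",
        },
        "akismet/akismet.php": {
            "slug": "akismet",
            "plugin": "akismet/akismet.php",
        },
    },
})


def reported_slugs(transient_json: str) -> dict:
    """Map each plugin file to the slug it reported (response + no_update)."""
    data = json.loads(transient_json)
    slugs = {}
    for bucket in ("response", "no_update"):
        for plugin_file, entry in (data.get(bucket) or {}).items():
            if isinstance(entry, dict) and entry.get("slug"):
                slugs[plugin_file] = entry["slug"]
    return slugs


def slug_mismatches(transient_json: str) -> list:
    """Return (plugin_file, directory, reported_slug) tuples for plugins whose
    reported slug differs from their directory; a slug-keyed vulnerability
    lookup would then match the other plugin's advisories."""
    out = []
    for plugin_file, slug in reported_slugs(transient_json).items():
        directory = plugin_file.split("/", 1)[0]
        if directory != slug:
            out.append((plugin_file, directory, slug))
    return out


if __name__ == "__main__":
    for plugin_file, directory, slug in slug_mismatches(SAMPLE_TRANSIENT):
        print(f"{plugin_file}: directory '{directory}' reports slug '{slug}'")
```

To run it against a live site, replace SAMPLE_TRANSIENT with the JSON output of wp transient get 'update_plugins' --network --format=json.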
  • The topic ‘Plugin Vulnerable False Positive’ is closed to new replies.