Reporting WP Reset Pro vulnerability for WP Reset (free)

  • Resolved totemicit

    (@totemicit)


    3 years ago

    Hello, I just came across an incorrect detection of the free version of WP Reset plugin by Security Ninja. Basically, it detects the most up-to-date version of the free WP Reset plugin (v1.95 right now), as if it was the premium WP Reset Pro. The notification says it should be updated to “minimum v5.99”. As far as I’m aware, the vulnerability CVE-2021-36909 only affects the premium version, so Security Ninja shouldn’t be showing this notification for the free version.

Viewing 1 replies (of 1 total)
  • Plugin Author Lars Koudal

    (@lkoudal)

    Hello @totemicit

    Thank you for letting us know. It seems the free and pro version of the plugin use the same path name.

    For now the vulnerability warning for this particular CVE has been disabled to prevent any confusion. We will make a fix for this issue, thanks again ??

Viewing 1 replies (of 1 total)
  • The topic ‘Reporting WP Reset Pro vulnerability for WP Reset (free)’ is closed to new replies.