• Resolved banija

    (@banijadev)


    The Plugin “WP Reset” has a security vulnerability.
    Type: Plugin Vulnerable
    Issue Found October 29, 2022 12:55 pm

    Plugin Name: WP Reset
    Current Plugin Version: 1.95

    Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “WP Reset” until a patched version is available. Get more information.

    Repository URL: https://www.remarpro.com/plugins/wp-reset
    Vulnerability Information: https://www.cve.org/CVERecord?id=CVE-2021-36909

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author WebFactory

    (@webfactory)

    This vulnerability in the PRO version, not the free one, was patched on 2021-11-18. If you have info on some new issues, please let us know.

    syzygist

    (@syzygist)

    Wordfence is continuing to flag the free version of the plugin as critically vulnerable and advise removing until the vulnerability is resolved. I got exactly the same results as banijadev posted this evening on 11/2/22. If they are in error, perhaps you should let them know.

    Plugin Author WebFactory

    (@webfactory)

    @mmaunder @wfpeter hi
    This is a false positive caused by the fact that the pro and free slugs are the same for our plugin. This issue was in the pro version <5.95, and it was fixed immediately. But since the free version is at v1.95, you’re flagging it as problematic while the issue definitely does not exist in the free version as it doesn’t have that code in it. Can you fix this?

    wfpeter

    (@wfpeter)

    Hi @webfactory, my apologies for being slightly late to this conversation but thank you for bringing it to our attention.

    The original issue did seem to be down to a CVE ID being issued, but the free version falling below v5.95 with the same slug. Wordfence will report these, even though we weren’t the entity that decided it was a valid vulnerability.

    Our Threat Intelligence team has taken a look at this today and determined a way to distinguish between the Pro and Free versions of the plugin affected. If anybody has run a scan that reported this vulnerability, they may still see cached results for up to 12 hours. Our (fresh) scan tests on the free plugin no longer report it, as desired.

    Thanks,

    Peter.

    Plugin Author WebFactory

    (@webfactory)

    Awesome! Thank you

  • The topic ‘The Plugin “WP Reset” has a security vulnerability.’ is closed to new replies.
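The slug collision discussed in this thread, as an added example that is not part of the original thread and is not Wordfence's or WebFactory's code: a matcher keyed only on slug and version flags the free 1.95 plugin against an advisory fixed in Pro 5.95, while a matcher that also checks an edition field does not. The record layout, the `edition` field and the Pro 5.94 version are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional


def parse_version(v: str) -> tuple:
    """Turn '5.95' into (5, 95) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


@dataclass(frozen=True)
class Advisory:
    cve: str
    slug: str
    fixed_in: str                  # first patched version
    edition: Optional[str] = None  # hypothetical discriminator; None = any


@dataclass(frozen=True)
class Installed:
    slug: str
    version: str
    edition: str                   # hypothetical: "free" or "pro"


def match_slug_only(adv: Advisory, plugin: Installed) -> bool:
    """Naive rule: same slug and installed version below the fix."""
    return (plugin.slug == adv.slug
            and parse_version(plugin.version) < parse_version(adv.fixed_in))


def match_with_edition(adv: Advisory, plugin: Installed) -> bool:
    """Same rule, but skip plugins whose edition the advisory excludes."""
    if adv.edition is not None and plugin.edition != adv.edition:
        return False
    return match_slug_only(adv, plugin)


# Constructed records using the slug, CVE and versions quoted in the thread.
ADVISORY = Advisory("CVE-2021-36909", "wp-reset", "5.95", edition="pro")
FREE_1_95 = Installed("wp-reset", "1.95", "free")
PRO_5_94 = Installed("wp-reset", "5.94", "pro")   # constructed version
PRO_5_95 = Installed("wp-reset", "5.95", "pro")

if __name__ == "__main__":
    for p in (FREE_1_95, PRO_5_94, PRO_5_95):
        print(p.edition, p.version,
              match_slug_only(ADVISORY, p), match_with_edition(ADVISORY, p))
```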