• Resolved Panos

    (@xpanos)


    Greetings.

    When we conduct a security check on a site with a few plugins installed, 80% of the time it sees the theme and its version (Divi), but the message next to it says “Not found in the database”. The 20% of scans show the message the plugins have: “No known vulnerabilities found to affect this version”.

    The exact same is happening with one of the plugins (Smart Image Resize PRO)

    This problem occurs in the last 4-5 or 6 revisions of the plugin.

    Maybe it helps if I say that every time we update the theme and run WPScan afterwards, it sees the correct version and the correct message, “No known vulnerabilities found to affect this version”. One day after the theme update, when we run the test, it comes back again with “Not found in database”.

    Where is the problem here?

    Regards

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Contributor ethicalhack3r

    (@ethicalhack3r)

    Hi Panos,

    Thank you for letting us know about this issue.

    It’s a strange one, which doesn’t look to be easy to reproduce.

    We show the “Not found in database” message when our API returns a 404 status code for the plugin/theme.

    We’ll have a look into it to see if we are able to identify the issue.

    Thanks again,
    Ryan

    Thread Starter Panos

    (@xpanos)

    Thanks for your reply, I’ll be happy to help you by providing any info, screenshots, etc.

    Rgrds

    Plugin Contributor ethicalhack3r

    (@ethicalhack3r)

    We found the issue!

    It was a problem with our API, lowercasing and caching.

    So, some people requested the API for “divi” (lowercase), which does not exist, and returns a 404.

    We could cache the result and then serve it for all future requests.

    Someone else would request the API for “Divi” (uppercase), we would first downcase it to “divi”, and check if we had it in the cache, which would return the cached version from the first 404 response. So all users requesting “Divi” would get the cached response for “divi”.

    This would explain why sometimes it happened and others not. Because it would reset every time the cache was cleared.

    It should be fixed in the next couple of hours.

    Thank you for the report!
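
The failure mode described in the reply above, as an added example that is not part of the thread and is not WPScan's code. It assumes a hypothetical case-sensitive backend in which only "Divi" exists; `backend_lookup`, `BuggyCache`, `ExactKeyCache` and `replay` are illustrative names, and keying the cache by the exact slug is one possible correction, not necessarily the one the team shipped.

```python
# Constructed data: the backend is case-sensitive and only "Divi" exists.
BACKEND = {"Divi": {"vulnerabilities": []}}


def backend_lookup(slug):
    """Hypothetical case-sensitive store: returns (status, body)."""
    if slug in BACKEND:
        return 200, BACKEND[slug]
    return 404, None


class BuggyCache:
    """Cache key is downcased, but the cached value came from the exact slug."""

    def __init__(self):
        self.store = {}

    def get(self, slug):
        key = slug.lower()
        if key not in self.store:
            # The first caller's result, a 404 included, is stored under a
            # key that every other spelling of the slug also maps to.
            self.store[key] = backend_lookup(slug)
        return self.store[key]


class ExactKeyCache:
    """One possible correction: key the cache by the identity the backend uses."""

    def __init__(self):
        self.store = {}

    def get(self, slug):
        if slug not in self.store:
            self.store[slug] = backend_lookup(slug)
        return self.store[slug]


def replay(cache, slugs):
    """Return the status code each request in the sequence receives."""
    return [cache.get(s)[0] for s in slugs]


if __name__ == "__main__":
    print(replay(BuggyCache(), ["divi", "Divi"]))     # poisoned by the 404
    print(replay(BuggyCache(), ["Divi", "divi"]))     # order flips the outcome
    print(replay(ExactKeyCache(), ["divi", "Divi"]))
```

With the buggy cache, the result depends on which spelling arrives first after a cache clear, which matches the intermittent behaviour reported in the thread.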

    Thread Starter Panos

    (@xpanos)

    I’m glad we figured it out, as Divi is a big community theme, so better to have it fixed!
    Just kidding..
    Thanks for your help @ethicalhack3r

    Can I ask.. do you think the same problem occurs with the Smart Image Resize PRO plugin?

    Plugin Contributor ethicalhack3r

    (@ethicalhack3r)

    Hi Panos,

    No problem. It was more our dev team, I’m just the middle man.

    I believe it would be the same problem with the Smart Image Resize PRO plugin.

    Do you know what its slug is? (its directory name in the /wp-content/plugins/ folder)

    Thanks,
    Ryan

    Thread Starter Panos

    (@xpanos)

    The slug is wp-smart-image-resize-pro

  • The topic ‘Security Checκ: Not found in database message for the Theme and a Plugin’ is closed to new replies.