Resolved: pawelixon (@pawelixon)


    Hi,

    I have a problem with a plugin from WpDataTables (ver: 3.4.2.17), namely the ShieldPro plugin detects vulnerability:

    WordPress wpDataTables – Tables & Table Charts (Premium) plugin <= 6.3.2 – Missing Authorization to DataTable Access & Modification vulnerability

    • Vulnerability Type: Broken Access Control

    WordPress wpDataTables – Tables & Table Charts (Premium) plugin <= 6.3.1 – Unauthenticated SQL Injection vulnerability

    • Vulnerability Type: SQL Injection

    Do I have anything to worry about, or is it perhaps a false alarm?

Plugin Author wpDataTables (@wpdatatables)

    Hello pawelixon,
    Firstly, I would like to sincerely apologize for the delayed response as we have been experiencing an unusually high number of tickets. I am sorry that it has taken longer than usual to respond to your concern and your patience is highly appreciated.

    In regards to that vulnerability flag, yes, this happened in the Premium versions equal to or older than 6.3.1.
    Our developers fixed it in the later updates, so please update the plugin to the latest version and after that you won’t be seeing that flag anymore.
    The latest premium version is currently 6.5.3.

    If you have any additional questions about the premium version, please open a ticket on our main Support platform here, and one of our Agents will respond as quickly as possible.

    If you don’t have a licence (or if it expired), please open a pre-purchase ticket which doesn’t require a purchase code.

    Premium products are not supported in these forums, as per this comment by www.ads-software.com moderators.

    Kind regards.

Thread Starter pawelixon (@pawelixon)

    Thank you for your reply,

    I am currently using the free version ver: 3.4.2.18 and I still see that ShieldPro sees the vulnerability of this plugin.

    Therefore, do I have nothing to worry about?

Plugin Author wpDataTables (@wpdatatables)

    Hello,
    Firstly, my apologies, I did not add the part about the free/Lite version.
    That is correct, these vulnerability flags were only found in the premium versions, such as SQL injection for example, or another flag which happened for front-end editing.
    Both of these were fixed in our newer premium versions,
    but when it comes to the Lite/free wpDataTables, it never had features like SQL Tables or editing, so on the free/Lite version it will be absolutely safe.

    That being said, our developers will still do their best to keep updating both Lite and premium versions, so when the Lite version’s number goes over a certain point, all these ‘false positive’ security Plugin flags are going to stop happening.
    We apologize for the inconvenience, but we can absolutely confirm that for all Lite users, there is nothing to worry about in that regard.
    Thank you.


    Hello,

    All security plugins (I use WordFence) send alerts each time and for every website the free version is updated, as the version numbers aren’t aligned between the free and paid versions (free is currently at 3.4.2.18 so it will send alerts until it reaches 6.3.2).

    Could this version number be changed to >6.3.1 to solve the issue? Another solution suggested by WordFence support is to differentiate the free and paid plugin slugs.

    Thanks!

Plugin Author wpDataTables (@wpdatatables)

    Hi @emielb,
    I am sorry, but our developers already tried this approach.
    They tried to align having the same Plugin version number between the premium and Lite versions,
    as well as only setting the Lite Plugin to be ‘above a version which has the false-positive security flag’,
    but unfortunately, then we had new issues due to that and they reverted it back to the Lite Version having a different/older version number.

    Please refer to this Post which we pinned on the Support Section, it explains everything in detail.
    Our developers are doing their best to think of any possible solution, which will be implemented as soon as possible.
    We just can’t advise on an ETA at this time, but we can guarantee that there is nothing to worry about for any Lite users.
    As we mentioned on that pinned Post, the Lite version never had these functionalities which are being flagged, because the Security Plugins are unable to differentiate between our Lite and Premium Plugins since they got the same ‘slug name’.

    It might also be an idea if the WordFence developers could devise a way for you to exclude our Lite Plugin from being checked for SQL injection, because the free Plugin never had any SQL Tables available, and it also does not have any table editing, in a similar way to how you can exclude a folder or file from anti-virus software, since this is definitely a false-positive flag.
    That is just an idea, though; we are not familiar with whether it is possible for them to do this and we realise it is not the best solution.

    In the meantime, our developers are still doing their best to devise a solution from our end, too.

    Sorry once again for this inconvenience.
    Kind regards.
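The false positive described across this thread comes from how a slug-plus-version match works: the scanner sees only the installed plugin's slug and version header, so a Lite build numbered 3.4.2.18 falls below the "<= 6.3.2" ceiling of an advisory written for the Premium edition. The following Python is an added illustration of that matching logic, not code from wpDataTables, ShieldPro or WordFence; the slug value "wpdatatables" and the advisory records are assumptions constructed from the titles quoted above.

```python
from dataclasses import dataclass


def parse_version(version: str) -> tuple:
    """Split a dotted numeric version ("3.4.2.18" -> (3, 4, 2, 18)).
    Illustrative model only, not any scanner's real parser."""
    return tuple(int(part) for part in version.strip().split("."))


def version_le(installed: str, ceiling: str) -> bool:
    """True if installed <= ceiling; shorter versions are zero-padded
    so that "6.3" compares equal to "6.3.0"."""
    a, b = parse_version(installed), parse_version(ceiling)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a <= b


@dataclass(frozen=True)
class Advisory:
    slug: str          # plugin slug the advisory is keyed on
    title: str
    max_affected: str  # every version <= this value counts as affected


# Constructed from the advisory titles quoted in the thread; the slug
# value "wpdatatables" is an assumption used for illustration.
ADVISORIES = [
    Advisory("wpdatatables", "Missing Authorization (Premium) <= 6.3.2", "6.3.2"),
    Advisory("wpdatatables", "Unauthenticated SQL Injection (Premium) <= 6.3.1", "6.3.1"),
]


def matching_advisories(slug: str, installed_version: str, advisories=ADVISORIES):
    """Return the titles a slug+version matcher would flag for this install.
    The matcher only sees the plugin's slug and version header; nothing tells
    it whether the Lite or Premium edition is installed, so a Lite build whose
    version number is below the ceiling is flagged too."""
    return [
        adv.title
        for adv in advisories
        if adv.slug == slug and version_le(installed_version, adv.max_affected)
    ]


if __name__ == "__main__":
    for edition, ver in (("Lite", "3.4.2.18"), ("Premium", "6.5.3"), ("Premium", "6.3.2")):
        print(edition, ver, "->", matching_advisories("wpdatatables", ver))
```

Running it shows the Lite 3.4.2.18 build matching both advisories while Premium 6.5.3 matches none, which is why a Lite version number above 6.3.2 (as suggested in the thread) would silence the flags without any code change.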
