I have this plugin installed but it lacks any docs on how it works. It just says activate and it’s done.

1. Does it send emails with alerts?
2. When does it send them?
3. Why is there no tool to see what it’s emailing?

I keep getting a notice for the User Meta Pro plugin. The message says: User Meta Version 1.1.1 – Arbitrary File Upload.

I’ve updated to version 1.3, but the VPC error still appears in the Dashboard and I keep getting email notices for this alert.

Is there a way to get rid of this?

Screenshot: https://prnt.sc/hb4cbw

Yoast SEO active version is current, and it’s 5.8 – the vulnerability fixed version according to WP Scan. But it’s still displaying the vulnerability warning and is sending email.

I think, I repeat think, the WP Scan version identification has some kind of bug: it cannot detect that: 5.8.0 = 5.8.

This plugin has pretty serious issue; it doesn’t provide a warning when an installed plugin has a vulnerability that hasn’t been fixed. Those vulnerabilities are the most important to warn about since even if you are keeping your plugins up to date you would still be vulnerable to those.

The issue is caused by the code that determines if the plugin is known to be vulnerable, which does that by comparing the version number of the version of the plugin in use against the version number that the vulnerability was fixed in. For vulnerabilities that haven’t been fixed, the fixed version number will be null and the plugin will be considered to not be known to be vulnerable.

Hi,

I have installed this plugin on a site for testing.

I installed Yoast SEO v3.2.4, which has known vulnerabilities in WPVULNDB. https://wpvulndb.com/plugins/wordpress-seo

On the plugins page, VPC lists ALL the vulnerabilities for Yoast SEO, whereas I would expect it to ony list the one’s affecting the actual installed version. This is quite confusing.

Would it be possible to have this plugin list only vulnerabilities affecting the installed version? I note that the plugin ‘Vulnerability Alerts’ does this.

Also, the link “Settings” for VPC on the plugins page is incorrect, it is:

/wp-admin/tools.php?page=vpc-settings

but should be:

/wp-admin/options-general.php?page=vpc-settings

Thanks for your time.

I ran into an incompatibility problem with this plugin and Gravity Forms. When I enable email notifications, it looks as if this plugin is overriding the Gravity Forms Email Notification Headers like the From Email.

Has anyone else seen this issue?

https://www.ads-software.com/plugins/vulnerable-plugin-checker/