Delayed and Inaccurate Vulnerability Alert

  • Resolved zookri

    (@zookri)


    9 months ago

    Hello,
    I’m writing about two issues with JetPack Protect’s vulnerability reporting:

    1. Delayed Detection: JetPack Protect flagged this issue today: “GP Premium < 2.4.1 – Reflected Cross-Site Scripting” This vulnerability was patched over a month ago with version 2.4.1. Why did JetPack Protect, which supposedly performs daily scans, only flag this now?
    2. Inaccurate Reporting: I updated to version 2.4.1 shortly after its release. However, JetPack Protect is still reporting a vulnerability, despite noting that the issue only affects versions before 2.4.1.

    I’m concerned about JetPack Protect’s ability to accurately and promptly report security vulnerabilities. Could you please explain these issues?
    Thanks
    Will

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hi there,

    I have escalated this concern to our developers to they can investigate.

    Could you please post your site URL here so that we can look into it further? If you want it to remain private, you can also contact us via?contact form?If you choose to reach out directly, please include a link to this thread.

    Thank you!

    Thread Starter zookri

    (@zookri)

    Hi Emily,

    Thanks for your response and for escalating the concern to your developers. I appreciate your offer to investigate further.

    However, in the week since I reported this issue, I’ve found an alternative solution that better meets my needs. As a result, I’ve made the decision to remove JetPack Protect from the dozen or so websites where it was previously running.

    Thanks,
    Will

    Plugin Support Dan (a11n)

    (@drawmyface)

    Hi Will

    I’m sorry to hear that, but I understand your decision. In any case our developers will continue to look into the issue you raised to ensure that any problems are resolved.

    Should you require assistance with anything Jetpack-related in the future or decide to revisit Jetpack Protect, feel free to reach out. We’ll be here to help.

    Thanks!

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Delayed and Inaccurate Vulnerability Alert’ is closed to new replies.