False issue on Contact Form DB

There may been a bit of lag between when our systems pull the new information from the www.ads-software.com repository and when you did the update in this case. Can you select “I have fixed this issue’ and then rerun the scan? Let me know if the alerts come back.

tim

Thanks. I had the files set to ignore until it changes again, so I stopped ignoring and ran a new scan. This time it didn’t find an issue.

If there is a lag between systems, how can it be that it reports an issue but then sees there is no file difference? Is the scan compare different from the manual file compare?

Also, this is the second time this happened with this plugin and I haven’t seen this false report for others.

thans
JP

Hi JP,

Generally, this means the scan happened in between the plugin update and the time that Wordfence servers retrieved the plugin. The scan results stay in place until the next scan is run (usually 24 hours), but if you see the results and run the file comparison after the Wordfence servers have picked up the latest code, you will see the updated code.

-Matt R

Hi Matt,

Mmm I still thing something is wrong. This plugin has a new update again. This time I waited for Wordfence to report this update, so I suppose that means that WF has already retrieved the plugin.

Then I did the update and did a new WF scan. Again, WF reports 4 issues with changed files.

Modified plugin file: wp-content/plugins/contact-form-7-to-database-extension/readme.txt
This is an actual change, but a strange one.
– Original version: Stable tag: 2.10.3
– Modified version: Stable tag: 2.10.2
? How can I do an update and receive a file with 2.10.2 while the original one (from where I update I guess) is 2.10.3

Modified plugin file: wp-content/plugins/contact-form-7-to-database-extension/languages/contact-form-7-to-database-extension.pot
– There are no differences between the original file and the file in the repository.

Modified plugin file: wp-content/plugins/contact-form-7-to-database-extension/CFDBViewShortCodeBuilder.php
– There are no differences between the original file and the file in the repository.

Modified plugin file: wp-content/plugins/contact-form-7-to-database-extension/CF7DBPlugin.php
– There are no differences between the original file and the file in the repository.

Thanks
JP

Hi again,

Yes, it’s basically the same issue, and depends partly on when the changes on the server happened. In this case, the version number in the stable tag seems to have been changed after your plugin was updated — so your site got the update, but had the old version number. (It makes the message confusing, since it says yours was modified, but really the “official” version was modified, which normally shouldn’t happen after a release.)

I’m not sure if the differences in the other files were reported because they were also changed, or because the developer changed the version number after the release — it might mean your current version files were compared to the previous version during a scan. Either way, the dev team is aware of this and is looking at a way to work around the issue when plugins are modified on wordprss.org after they’re already released.

Most plugin authors don’t do that, and the ones that do it most often usually only modify the “Tested up to” value in their readme files, which causes fewer problems.

Thanks again for the report — we’ll look into preventing it in a future version, but I can’t say how long it may take or which version it will be in.

-Matt R