How to stop false Wordfence report

Hi @waypar,

I just installed v3.14.29 of the “12 Step Meeting List” plugin on my test site and didn’t receive a warning for it in my manual scan. It’s being reported as patched on our Threat Intelligence page above currently, so I was just wondering if running a scan today has resolved the issue you were seeing? The status may not have been updated in the plugin at the time of your original message.

Many thanks,
Peter.

Yes, it appears to be resolved now.

The issue was the long length of time between when the patch was released and yesterday when the Wordfence scan no longer showed the plugin “critical” warning. While we feel the access to the csv download information should not have required security checks as it was simply public information available on sites, we went ahead and tightened up the security to require at least editor authorization. Patchstack was understandably a little slow in verifying after the patch release and then there was a less understandable lag before Wordfence scans finally picked up the current state of the issue. Hence the post on your forum.

We’re glad to have this Wordfence issue behind us, although we are now dealing with end user complaints no longer having public access to the csv downloads.

The life of those doing software support will always have its’ challenges eh!

Hi @waypar, I understand entirely.

It’s not so comforting in your case here, but it’s reasonably rare for the plugin to be significantly behind Wordfence Intelligence or the vulnerability source such as Patchstack.

I notice the plugin has “900+ installations” listed. Whilst we never in any way prioritize plugins based on its number of users, I think that might be why it took a number of days for users of both plugins like yourself to notice the discrepancy.

We’ll always address this kind of issue as soon as it’s highlighted, so we appreciate you getting in touch.

Best of luck with your customer support!
Peter.