• Resolved consultant1027

    (@consultant1027)


    I like the concept, but what’s the point of showing vulnerabilities for older versions of plug-ins already installed. My system showed 5 and all were for versions older than the versions currently installed. Creates a “Boy Who Cried Wolf” scenario. Is it not possible to read the version of the plugin and compare it with the versions effected by the vulnerability?

Viewing 1 replies (of 1 total)
  • Plugin Contributor whitefirdesign

    (@whitefirdesign)

    It isn’t quite clear what you are referring to, but on the plugin’s page if the vulnerability isn’t in the currently installed version of the plugin it is listed under the heading “Installed plugins that have known vulnerabilities in other versions of the plugin:” already. The versions that are vulnerable are also included in the vulnerabilities listing.

    Knowing if other versions are vulnerable can be important. Let’s say you are cleaning up a hacked website where the plugins have not been updated in some time, which in our experience is often the case. Knowing that the vulnerability only existed in newer versions than the one installed would allow you to rule out the vulnerability as the source, whereas if it wasn’t listed, you wouldn’t know that the vulnerability was in the data set. It also would be useful if the plugins have been updated before you start dealing with the hacked website, since knowing that a version that might have been in use before had a certain vulnerability could indicate a possible source of the hack.

Viewing 1 replies (of 1 total)
  • The topic ‘List Vulnerabilities for Old Versions Not Installed?’ is closed to new replies.