Plugin Vulnerable False Positive

  • Resolved thyran

    (@thyran)


    10 months, 1 week ago

    Having issues with WordFence scan reporting a false positive on a plugin vulnerability.

    See details from scan result and response from plugin support.

    Can we safely ignore this threat detection from WordFence?

    Plugin Name: Divi Torque Pro
    Current Plugin Version: 1.5.0
    Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “Divi Torque Pro” until a patched version is available. Get more information.(opens in new tab)
    Vulnerability Information: https://www.wordfence.com/threat-intel/vulnerabilities/id/39fb0499-9ab4-4a2f-b0db-ece86bcf4d42?source=plugin(opens in new tab)
    Vulnerability Severity: 6.3/10.0 (Medium)

    From: DiviEpic
    Sent: Thursday, May 23, 2024 3:34 AM
    To: Thyran Wright
    Subject: [#314] Bug Report: Divi Torque Pro

    Hello,

    If you visit this link:  https://www.wordfence.com/threat-intel/vulnerabilities/detail/freemius-sdk-242-missing-authorization-checks, you can clearly see here the reported issue is about the freemius SDK version < 2.4.2 which version has the vulnerability. But if you debug our plugin codebase, you can easily find that the current freemius SDK version is 2.7.2, screenshot:  https://prnt.sc/hyDEpDzTUv37 

    You can contact Wordfence and send the plugin file version 1,5,0 and let’s see their feedback. 

    NOTE: The Freemius SDK is a set of tools that we integrate into our plugin to manage licensing, handle payments, and gather usage data. It helps us provide you with a seamless experience, including secure transactions, automatic updates, and access to premium features. 

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Plugin Vulnerable False Positive’ is closed to new replies.