Sucuri Reporting That This App Is Vulnerable

Hello @serafinnyc

I think that is a false positive. It was reported by Patchstack a long ago and we have fixed immediately. You can find everything here: https://patchstack.com/database/vulnerability/ninja-tables

If you are a Sucuri customer please forward them this URL.

Thanks

It’s not fixed and it’s not a long time ago. I’ve gone over it with them and with WPE 7x. It’s new. And there is no false positive with these guys. They’re like robots.

Hello @serafinnyc

We did not get any report from anyone. Normally the security companies contact with us (plugin author or WordPress org team) and then they let us know.

The access control issue was fixed last January and the reporter was Patchstack.

Just to give you an update, We have contacted with sucuri to confirm about it.

Thanks @techjewel

Hey folks! I contribute to the Sucuri WordPress plugin.

@serafinnyc can you clarify where that screenshot came from? I don’t think the flagging is coming from the Sucuri WordPress plugin. And I don’t know of any service from Sucuri offering this kind of flagging. Any guidance to replicate would be appreciated. ??

@imgerson We ourselves don’t use any apps here and this isn’t app related or based. This is direct from our contacts at Sucuri. On the contrary, Sucuri partners with many hosting companies for security. We’re a cyber security firm, this is what we do day in and day out.

Also note that I supplied a screenshot, for which is appears no one is viewing before commenting.

• This reply was modified 10 months, 3 weeks ago by Stef.
• This reply was modified 10 months, 3 weeks ago by Stef.

@techjewel it’s been over a week with no action or update on this. Anything? Sucuri is still flagging this. Thanks

Hey @serafinnyc, I would love to look into this further but not sure who at Sucuri you spoke with? Could I get some more information so I can follow up on this side?

Feel free to email us directly at info(@)sucuri.net or reach out on chat so we can quickly address this for you: https://sucuri.net/live-chat/

We don’t recognize the UI of the screen shot (though it could be ninja tables UI) – I would be happy to look into this further but would need some more information. What version of NinjaTables are you using?

Best!

Hey @imgerson ya this isn’t something you need to get involved with. If you actually worked at Sucuri it would be different and I’m not giving out names on a forum for privacy reasons. It’s Ninja’s job to take care of their app and if any security company is flagging their app then they need to act accordingly.

I do think that this has been an ongoing issue for some time where they get flagged, not just Ninja but other author’s of apps. And they’re clueless as to why. Then you go back to whoever, say WPE and or Kinsta and they say well it’s real. It’s not fake.

As I stated to my colleague at Sucuri, there needs to be a meeting with them, authors and devs and security specialist like us and get a, I don’t know, system in place where everyone’s on the same page and no one’s shaking their heads “huh”?