WordFence Alerts Critical for Vulenrability

  • Resolved Michael Kraus

    (@mjkraus)


    2 years, 1 month ago

    Hello,

    When scanning recently with WordFence, the TablePress plugin shows a critical vulnerability and the text below:

    Plugin Name: TablePress
    Current Plugin Version: 1.14
    Details: To protect your site from this vulnerability, the safest option is to deactivate and completely remove “TablePress” until a patched version is available. Get more information.(opens in new tab)
    Repository URL: https://www.ads-software.com/plugins/tablepress(opens in new tab)
    Vulnerability Information: https://www.cve.org/CVERecord?id=CVE-2019-20180(opens in new tab)`

    When reviewing the TablePress Vulnerability via the link, it goes to a 404 page.

    Will there be a new release soon that addresses this issue and brings TablePress up to the most current compatibility?

    The Plugin is great by the way. Really useful and lots of options!

    The page I need help with: [log in to see the link]

Viewing 4 replies - 76 through 79 (of 79 total)

  • @josklever I don’t think it’s fair for a “messenger” to recommend people remove software if they haven’t even looked into whether something is a legit security concern where removing the software would be warranted.

    If blindly passing on warnings without checking any of them is what the feature does, then make it very clear that it needs to be checked by the user before they do something as drastic as removing the software completely. That’s where I feel they’re crossing the line a bit.

    It just doesn’t make them look good – and can really damage the plugin author’s reputation as well as their own. A bit like being sent a warning about something from a friend online, where they tell you to warn all your contacts, and, without checking it, you send it on, only to later find out it was some bogus story from 8 years ago… and end up feeling kinda stupid for creating all this fear over something that turned out to be incorrect.

    Make it clear that the effect of the issue needs to be evaluated, is all I’m saying… rather than freaking everyone out.

    What a thorough and well-documented timeline of this issue. Thank you for posting your replies and status updates here @tobiasbg. Looking forward to version 2.x of the plugin. Thanks again.

    Plugin Author TobiasBg

    (@tobiasbg)

    Hi @ldaughenbaugh,

    thank you! Good to hear that TablePress 2.0 will be of interest ??
    It won’t take long anymore!

    Best wishes,
    Tobias

    Plugin Author TobiasBg

    (@tobiasbg)

    Hi everyone,

    thanks a lot for all your patience regarding this!

    Great news: TablePress 2.0 is now available, see https://tablepress.org/release-announcement-tablepress-2-0/

    With this, the Wordfence notifications should now be turned off ??

    Best wishes,
    Tobias

Viewing 4 replies - 76 through 79 (of 79 total)
  • The topic ‘WordFence Alerts Critical for Vulenrability’ is closed to new replies.