Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author TobiasBg

    (@tobiasbg)

    Hi @w8tts,

    thanks for your post, and sorry for the trouble.

    I regard this report as invalid. Please see https://www.ads-software.com/support/topic/wordfence-alerts-critical-for-vulenrability/?view=all#post-16068890 and my other replies in that thread for the current status.

    Best wishes,
    Tobias

    Thread Starter w8tts

    (@w8tts)

    Thanks, Tobias!

    I will ignore the error.

    Ted

    Plugin Author TobiasBg

    (@tobiasbg)

    Hi Ted,

    yes, that’s reasonable here, in my opinion.
    Just don’t ignore security warnings whenever opening CSV files (regardless of where they are coming from) in Excel, and you will be fine.

    Best wishes,
    Tobias

    Hi Tobias,

    I know you're saying this is a false alarm, but can anything be done to prevent this on your end, as WordPress is sending millions of users critical scan findings, which for me anyway is a massive inconvenience to bin these every day?

    thanks

    Plugin Author TobiasBg

    (@tobiasbg)

    Hi @woocomuser,

    I would love to do something about this (you can imagine that this has taken its toll on my workload and mental health), and I’ve been in contact with Wordfence for a couple weeks now, but they say that per their policy they will notify about the underlying CVE issue as long as it exists (and they have actually even stopped answering me…). They claim to not have resources to actually fact-check these and will therefore always recommend the harshest action even though they have stated that the security risk is very minimal…
    I have therefore also tried to get in touch with the organization that manages the global security issue database (CVE) but haven’t received any reaction from them so far.

    Regards,
    Tobias

    Thanks for getting back Tobias, I can only imagine what a nightmare it is. Definitely you’ll need to get CVE to remove you as being on that could cause other issues. Did you reach out to other plugins that export CSV (there’s a lot of them) to see how they stay off it?

    Plugin Author TobiasBg

    (@tobiasbg)

    Hi,

    no, I have not checked how other plugins handle CSV export. My guess is that they don’t do anything about this — it’s simply that nobody has flagged a CVE towards them. And they likely could act here and simply remove math formulas upon export. TablePress can’t do that, because as a spreadsheet plugin, formulas are a core feature for it.

    Regards,
    Tobias

  • The topic ‘Wordfence is reporting a: Plugin Vulnerable’ is closed to new replies.