wordfence not detecting outdated plugins that were theme-bundled

Hey @webdragon,

Is the version you’re currently using on the www.ads-software.com repository? If not, Wordfence may not be able to detect there’s an available update. If you can share a link to the version you’re currently using I can take a closer look.

Please let me know.

Thanks,

Gerroald

The version we had on there was 5.0.5 and we bought the current release and license, and updated it manually from the theme-bundled release.

If the only way you’re testing for outdated plugins involved whether they are in the wordpress plugin repository or not, I’d say that’s a problem due to how many theme-bundled plugins there are out in the wild thanks to Envato.

You may need to adopt a new methodology for identifying out-of-date items in wordpress.

Hi @webdragon,

It’s definitely a struggle due to the number of third-party repositories there are out there, namely Envato as you mentioned.

Plugins that reside on the WordPress repository are easy to check for updates for – as the repository provides an API that Wordfence can use. I don’t think this is the same for Envato or other third-party repos.

It’s something that the Wordfence team can look into, but for now what I can recommend is to keep an eye out on plugins that you did not install via the WordPress default repo.

Dave

Understandable. How about a sort of compromise effort — what if Wordfence were to warn admins that “hey we were unable to find information on this plugin to give you an accurate report of its age and how secure the installed version is, so you should probably go check that.”

or something of that nature? ??

This would at least help limit further what falls through the cracks.