• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion
  • Inviting everyone to the UX test of a new security feature in the WP Toolkit
    For WordPress site owners, threats posed by hackers are ever-present. Because of this, we are developing a new security feature for the WP Toolkit. If the topic of WordPress website security is relevant to you, we would be grateful if you could share your experience and help us test the usability of this feature. We invite you to join us for a 1-hour online session via Google Meet. Select a convenient meeting time with our friendly UX staff here.

Issue WordPress Toolkit vulnerability report unclear

V

Visnet

Basic Pleskian
Dear Plesk team and Pleskians,

For one staging website on my Plesk server (Plesk Obsidian) I am getting the following two reports from the WordPress Toolkit extension:
website URL filteredWordPress License Manager for WooCommerce plugin <= 2.2.5 - Sensitive Information Disclosure vulnerability
website URL filteredWordPress License Manager for WooCommerce plugin <= 2.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

However, it is unclear:
  • What the nature of this vulnerability is, how to find more information about it and how to pinpoint the issue in the plugin code
  • How to solve this or what to report to the plugin developer (for instance, this plugin does not have any new versions available yet)
Without this information reports like these are more confusing than helpful.

Am I missing something?
Or could this be improved to be more helpful to a server administrator?

Cheers!
 
To add to my initial report:

Using Plesk 18.0.41.1 with WordPress Toolkit extension 5.9.3-6032

I just found out that when using the WordPress Toolkit through the Plesk panel, under Security > Vulnerabilities (filter) the same notices actually provide a 'Details' button that is linking to:
- WordPress License Manager for WooCommerce plugin <= 2.2.5 - Sensitive Information Disclosure vulnerability - Patchstack
- WordPress License Manager for WooCommerce plugin <= 2.2.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Suggestion:
Either include these same links in the report e-mail or explain how/where to find them in the Plesk panel.
 
Thank you for your feedback! We have filed a task to improve our email notifications based on your feedback. Let us know if you have any other feedback.
 
You must log in or register to reply here.

Similar threads

A
Resolved WP Toolkit: Live site cloned, clones using plugins folder of original site
Replies
5
Views
1K
ArmReu
A
daedparrotsoftware
Operational Issues with WordPress Toolkit WP site UPDATE functions on Multiple Servers
Replies
13
Views
4K
greybeard
G
daedparrotsoftware
Forwarded to devs Random Operational Errors With WordPress Toolkit on multiple Servers/server hosts and on our dedicated server
Replies
1
Views
1K
IgorG
IgorG
J
Plesk Wordpress Toolkit: Broken Website! (Pls Help!)
Replies
1
Views
3K
custer
custer
wwwAndries
Input Executing WordPress plugin/theme cron events through WP-CLI
Replies
0
Views
1K
wwwAndries
wwwAndries
Back
Top