Resolved Fixed vulnerability still showing up in WP-Toolkit

[dleigh]

Server operating system version

AlmaLinux 9.6 (Sage Margay)

Plesk version and microupdate number

Plesk Obsidian 18.0.71 Web Host Edition

I use the Transposh (Transposh – Breaking language barriers – The transposh.org wordpress plugin showcase and support site) plugin for translation on our WordPress site. I'm at version 1.0.9.6. WP-Toolkit is saying the following:

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Unauthorized Settings Change vulnerability

Transposh uses github for its updates and no longer uses the wordpress.org repository. Is this the reason that the vulnerability is being flagged? Is there any way that WP-Toolkit can see that I'm well past that version?
Thanks!

 

[Sebahat.hadzhi]

@dleigh , do you have any idea where I can find an archive of version 10.8.1 or lower?

 

[dleigh]

Well, I just did my research but I see that it's no longer on wordpress.org and that the github repository starts at 1.0.9. I've found a 1.0.7 and am attaching it. I couldn't find anything in the 1.0.8 version tree.

 

[Sebahat.hadzhi]

Thank you. I was able to replicate the issue and I will consult with our team about it. I will follow-up with more details in the upcoming days.

 

[Sebahat.hadzhi]

Thank you for your patience, @dleigh . Our team discussed the case with Wordfence and Patchstack and the vulnerabilities should be properly reflected now. Please note that according to them some are not patched yet, but they should properly reflect the plugin version now.

 

[dleigh]

Yes, it looks right now. Thanks for your help!!!