• Plesk Uservoice will be deprecated by October. Moving forward, all product feature requests and improvement suggestions will be managed through our new platform Plesk Productboard.
    To continue sharing your ideas and feedback, please visit features.plesk.com

Resolved Fixed vulnerability still showing up in WP-Toolkit

dleigh

New Pleskian
Server operating system version
AlmaLinux 9.6 (Sage Margay)
Plesk version and microupdate number
Plesk Obsidian 18.0.71 Web Host Edition
I use the Transposh (Transposh – Breaking language barriers – The transposh.org wordpress plugin showcase and support site) plugin for translation on our WordPress site. I'm at version 1.0.9.6. WP-Toolkit is saying the following:

WordPress Transposh WordPress Translation plugin <= 1.0.8.1 - Unauthorized Settings Change vulnerability

Transposh uses github for its updates and no longer uses the wordpress.org repository. Is this the reason that the vulnerability is being flagged? Is there any way that WP-Toolkit can see that I'm well past that version?
Thanks!
 
Well, I just did my research but I see that it's no longer on wordpress.org and that the github repository starts at 1.0.9. I've found a 1.0.7 and am attaching it. I couldn't find anything in the 1.0.8 version tree.
 

Attachments

  • transposh-translation-filter-for-wordpress-1.0.7.zip
    674.2 KB · Views: 3
Thank you. I was able to replicate the issue and I will consult with our team about it. I will follow-up with more details in the upcoming days.
 
Thank you for your patience, @dleigh . Our team discussed the case with Wordfence and Patchstack and the vulnerabilities should be properly reflected now. Please note that according to them some are not patched yet, but they should properly reflect the plugin version now.
 
Back
Top