• We value your experience with Plesk during 2024
    Plesk strives to perform even better in 2025. To help us improve further, please answer a few questions about your experience with Plesk Obsidian 2024.
    Please take this short survey:
    https://pt-research.typeform.com/to/AmZvSXkx
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.
  • We’re working on enhancing the Monitoring feature in Plesk, and we could really use your expertise! If you’re open to sharing your experiences with server and website monitoring or providing feedback, we’d love to have a one-hour online meeting with you.

Issue WP Toolkit reporting vulnerabilities for wrong version of theme

M

maestroit

New Pleskian
Server operating system version
Debian 11.9
Plesk version and microupdate number
18.0.59 Update #2,
After the latest update, I started seeing that WP Toolkit is reporting that my Themify Ultra theme v7.6.2 has few high severity rating vulnerabilities, when I clicked to see what are those I found that the report is for the Themify version <= 7.3.5, which I am not using !! (Check attached screenshot)

Does the Toolkit detect the version in a wrong way? How can this be solved?
 

Attachments

  • themify ultra wrong version.jpg
    themify ultra wrong version.jpg
    292.7 KB · Views: 18
Update:

I installed Plesk v18.0.60 but it is still the same:
PatchStack DB says the vulnerabilities have been fixed, WordFence DB doesn't !!!
 
I've the same problem with some plugins, example here with Real3D Flipbook 3.83, signaled as vulnerable by Wordfence database... but for version <=1.0.0 !!!

I hope the future WP Toolkit update will fix these issues soon...
 

Attachments

  • 1713861687565.png
    1713861687565.png
    53.9 KB · Views: 6
  • 1713861792856.png
    1713861792856.png
    5.8 KB · Views: 6
After waiting 20 days with no solution from WP Toolkit or WordFence, I contacted WordFence support ( wfi-support _at_ wordfence.com ), with the issue in question, and they marked it as Fixed in few hours.
 
Hi guys,

We're reporting these issues to Wordfence on a regular basis, but some reports, like this thread, get lost for some reason -- sorry about that. We'll see how we can ensure that no reports are lost and everything is submitted to Wordfence.
 
You must log in or register to reply here.

Similar threads

H
Question WP toolkit -> Plugins is regulary outdated (wrong version and name of plugins)
Replies
0
Views
6K
harmut
H
G
Question WP installs are quarantined daily.
Replies
4
Views
1K
Bobbbb
B
Bitpalast
Resolved Wordpress not downloadable/installable in different versions on several servers [due to rate-limiting on WP side]
Replies
15
Views
1K
Bitpalast
Bitpalast
P
Resolved WP Toolkit vulnerability alert might be a false positive? [Unauthenticated Blind SSRF]
Replies
5
Views
4K
Wiz
Wiz
O
Simultaneous Security Measures scans in WP Toolkit Admin
Replies
1
Views
980
Peter Debik
P
Back
Top