• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • We are looking for U.S.-based freelancer or agency working with SEO or WordPress for a quick 30-min interviews to gather feedback on XOVI, a successful German SEO tool we’re looking to launch in the U.S.
    If you qualify and participate, you’ll receive a $30 Amazon gift card as a thank-you. Please apply here. Thanks for helping shape a better SEO product for agencies!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue WP Toolkit reporting vulnerabilities for wrong version of theme

M

maestroit

New Pleskian
Server operating system version
Debian 11.9
Plesk version and microupdate number
18.0.59 Update #2,
After the latest update, I started seeing that WP Toolkit is reporting that my Themify Ultra theme v7.6.2 has few high severity rating vulnerabilities, when I clicked to see what are those I found that the report is for the Themify version <= 7.3.5, which I am not using !! (Check attached screenshot)

Does the Toolkit detect the version in a wrong way? How can this be solved?
 

Attachments

  • themify ultra wrong version.jpg
    themify ultra wrong version.jpg
    292.7 KB · Views: 18
Update:

I installed Plesk v18.0.60 but it is still the same:
PatchStack DB says the vulnerabilities have been fixed, WordFence DB doesn't !!!
 
I've the same problem with some plugins, example here with Real3D Flipbook 3.83, signaled as vulnerable by Wordfence database... but for version <=1.0.0 !!!

I hope the future WP Toolkit update will fix these issues soon...
 

Attachments

  • 1713861687565.png
    1713861687565.png
    53.9 KB · Views: 7
  • 1713861792856.png
    1713861792856.png
    5.8 KB · Views: 7
After waiting 20 days with no solution from WP Toolkit or WordFence, I contacted WordFence support ( wfi-support _at_ wordfence.com ), with the issue in question, and they marked it as Fixed in few hours.
 
Hi guys,

We're reporting these issues to Wordfence on a regular basis, but some reports, like this thread, get lost for some reason -- sorry about that. We'll see how we can ensure that no reports are lost and everything is submitted to Wordfence.
 
You must log in or register to reply here.

Similar threads

T
Issue WP Toolkit incorrect vulnerability and version reports
Replies
4
Views
852
TurnRound
T
G
Wp toolkit question
Replies
1
Views
609
Sebahat.hadzhi
Sebahat.hadzhi
N
Issue WordPress Toolkit reporting old vulnerabilities
Replies
1
Views
1K
custer
custer
S
Issue Specified column is not in the row
Replies
1
Views
1K
Peter Debik
P
H
Question WP toolkit -> Plugins is regulary outdated (wrong version and name of plugins)
Replies
0
Views
7K
harmut
H
Back
Top