Moderator
Yui
(@fierevere)
永子
See this reply from TablePress author
https://ww.wp.xz.cn/support/topic/wordfence-alerts-critical-for-vulenrability/?view=all#post-16068890
also from WordFence:
FYI – This is just reporting a plugin that has an existing cve. We didn’t do the research or create the cve (that I’m aware of). We’re just making our users aware of it. If I understood what the plugin author said, they have known about it since 2019 so it’s not like this was a secret.
there are also some threads on WordFence forum related to irrelevant warnings,
such as: https://ww.wp.xz.cn/support/topic/old-irrelevant-vulnerability-warnings/
Hi,
thanks for your post, and sorry for the trouble.
Indeed, the link above contains the current status on this.
Yui, thanks for also adding that extra information and link — I wasn’t aware of that yet.
Best wishes,
Tobias
thank you for your reply. I saw afterwards your reply on the other post so i couldnt delete this one
Hi
so how do we resolve / stop Wordfence reporting – against a CVE not initiated by them…
their is “risk” hence why it has been flagged (i am not a developer)
I use Wordfence.com/central to monitor my sites, and it is flagged
ok i agree flagged this month why not previous months!!
I will have to consider disable of the plugin, but i dont wish to do that.
would there be an update/fix on your next release?
Hi,
I regard this CVE report as invalid, as explained in the link above (https://ww.wp.xz.cn/support/topic/wordfence-alerts-critical-for-vulenrability/?view=all#post-16068890 ). This is a very theoretic issue, and it’s blamed at the wrong software.
Regards,
Tobias
