False positive: checking the wrong version
Hi,
On a site I maintain, I’ve had a notification for a while for a seemingly vulnerable plugin, but that is a mistake. Your plugin is flagging the Premium Addons PRO (for Elementor) plugin as vulnerable, as that is on version 2.9.43 and you are comparing that number to the free version’s version number (also installed, both need to be), saying it had a vulnerability in version 4.10.23. I actually have the free version updated to 4.11.30.
Your plugin needs to take both the free and Pro versions of the plugin into account when checking versions. As far as I know, neither of the currently up-to-date versions is vulnerable right now, but your plugin is comparing the Pro version number (2.9.43) to the much higher free version number that was vulnerable (4.10.23). You need to fix that.
Thanks,
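The mix-up reported above, as an added example that is not part of the original post and not the scanner plugin's own code: a matcher that pairs advisories with installed plugins by product name flags the Pro add-on, while one keyed on the exact plugin slug does not. The slugs, the advisory record, its "up to and including 4.10.23" range, and name-prefix matching as the cause are all assumptions made for illustration.

```python
import re

# Constructed inventory mirroring the report; the slugs are assumed for illustration.
INSTALLED = [
    {"slug": "premium-addons-for-elementor", "name": "Premium Addons for Elementor",
     "version": "4.11.30"},
    {"slug": "premium-addons-pro", "name": "Premium Addons PRO", "version": "2.9.43"},
]
# Constructed advisory for the free plugin; "up to and including 4.10.23" is an assumed range.
ADVISORIES = [
    {"slug": "premium-addons-for-elementor", "title": "Premium Addons",
     "max_affected": "4.10.23"},
]

def vkey(version):
    """'4.10.23' -> (4, 10, 23): numeric comparison, trailing zeros ignored."""
    parts = [int(p) for p in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def is_affected(installed_version, max_affected):
    return vkey(installed_version) <= vkey(max_affected)

def scan_by_name(installed, advisories):
    """Flawed matcher: any plugin whose name begins with the advisory title is treated as that product."""
    hits = []
    for plugin in installed:
        for adv in advisories:
            same_family = plugin["name"].lower().startswith(adv["title"].lower())
            if same_family and is_affected(plugin["version"], adv["max_affected"]):
                hits.append(plugin["slug"])
    return hits

def scan_by_slug(installed, advisories):
    """Corrected matcher: an advisory applies only to the exact slug it was filed for."""
    hits = []
    for plugin in installed:
        for adv in advisories:
            if plugin["slug"] == adv["slug"] and is_affected(plugin["version"], adv["max_affected"]):
                hits.append(plugin["slug"])
    return hits

if __name__ == "__main__":
    print("name match:", scan_by_name(INSTALLED, ADVISORIES))
    print("slug match:", scan_by_slug(INSTALLED, ADVISORIES))
```

Because the free and Pro plugins keep independent version lines, an advisory record needs its own slug and its own affected range for each product.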