False Positive Security Flag on Plugin – Previously Fixed

Hi Wordfence team,

We are the developers of the “LMS – Education WordPress Theme” (available on ThemeForest) and several other premium themes. Our theme includes a helper plugin called “Design Theme Core Features”, which was once flagged by Envato during an early review for a minor security issue.

We addressed the issue immediately and released a fixed version. The plugin now follows best security practices and has been included in updated, approved versions of our themes since then.

However, Wordfence continues to flag this plugin as a security issue across all sites where it’s installed — even though the vulnerability no longer exists. This is causing confusion and support problems for both us and our customers. Details:

• Plugin name: Design Theme Core Features (/wp-content/plugins/designthemes-core-features/)
• Affected theme reviewed: LMS – Education WordPress Theme
• Issue fixed in version: [4.8]
• Current version: [4.8]
• Summary of fix: [The vulnerability has been addressed by adding proper authentication checks for the dt-process-imported-file function]

We kindly request Wordfence to review the updated plugin and, if confirmed clean, remove or update the detection signature from your Threat Defense Feed.

Please let us know if you need any more technical info or changelog references. We’re happy to cooperate to get this resolved properly.

The page I need help with: [log in to see the link]