• Resolved tatamaran

    (@tatamaran)


    wpdatatables is playing fool with us.
    Lite versions are indistinguishable from the full version based on numbering. Because it is marked with low numbers, it is reported as dangerous by all security tools. In reality it’s probably different.
    Hopefully everything is OK. You can believe that lite is OK. But assuming that all lite warnings are false, how will we know about the danger if it actually exists?

    The topic comes back from time to time, without the slightest desire to be solved.
    So I’m wondering how to trust the company and buy the full version if something as simple as introducing different numbers for lite and full takes years?

    Will you decide to pay with such kind of support?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author wpDataTables

    (@wpdatatables)

    Hello
    To begin, we want to extend our heartfelt apologies for the delayed reply, which is due to an unexpectedly high volume of inquiries. We truly value your patience during this period.

    In regards to this vulnerability, the false-positive flag that gets thrown by Security Plugins.
    We have made a permanent Post that explains all details about it here, on the top of our Support Threads.
    Please read more details we explained there.

    But we will still make some additional comments here.
    Basically, there is nothing to worry about, because the Lite/free version of our Plugin does not have those functionalities which are shown in that error, such as SQL Query based Tables, etc – so danger from something such as SQL injection is not possible with the Lite version – because you are not able to make SQL Tables. (They are only available in the Premium Version – for which we made a fix since version 3.4.1)

    The Security Plugins simply do not differentiate our slug name between the full/Premium version of wpDataTables and the Lite version, thus it throws the security flag.
    As we mention in our main Post about this vulnerability –
    As Lite users, you don’t have to worry.
    If you’re commercial users, you will need to update the plugin above v3.4.1, but we also recommend keeping the plugin updated to the latest version as older versions are not supported, and should be used for testing purposes only.

    When it comes to the Lite version, until we update it above 3.4.1, you will keep seeing that flag from Security Plugins, but there is absolutely nothing to worry about for the reasons we already explained.
    Kind regards.

    Thread Starter tatamaran

    (@tatamaran)

    Hi wpDataTables (@wpdatatables)

    Thank you for your answer, I appreciate you taking the time for it.
    I know that the problem does not really exist, the alarms are false and using the lite version of the plugin does not pose a threat.
    But that is not the problem.
    The problem is that false alarms reduce the level of caution.
    If during this time another plugin becomes dangerous and we receive a warning “hey, something bad is happening on your website”, we will be convinced that it is wpDataTables again and this real alarm could be ignored.
    As you rightly point out, it is enough to increase the numbering for the lite version so that it exceeds the magical 3.4.1 or (and this is the preferred solution) to make the lite version distinguishable from the paid version.
    I really hope that you will find time for the best solution for users and the cheapest for you.

    Best regards.


    Plugin Author wpDataTables

    (@wpdatatables)

    Hi @tatamaran,
    You’re welcome, we are happy to advise.

    We absolutely understand where you’re coming from, and we are sorry for the inconvenience.
    For the time being, we did our best, but we are not able to affect the said security Plugins throwing that false-positive flag, since they are not able to recognise/differentiate between our Lite and Premium Plugin slug name.
    Our developers will do their best to keep updating our Lite version to reach higher than version 3.4.1 as soon as possible, so that after that the false alarm from the security Plugins will stop.

    Thank you for understanding.
    Please don’t hesitate to open new Posts if anything else comes up.
    Kind regards.
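
The slug collision discussed in this thread, as an added example that is not part of any post and is not code from wpDataTables or from any security plugin: it contrasts slug-only matching, edition-aware matching, and blanket suppression of lite alerts. Only the slug and the 3.4.1 threshold come from the thread; the `edition` and `editions` fields, the advisory ids, the lite-only advisory and all other version numbers are constructed assumptions.

```python
# Added illustration. Only the slug and the 3.4.1 threshold come from the thread;
# every other version, field name and advisory id is constructed.
from dataclasses import dataclass


def vtuple(version):
    """'3.4.1' -> (3, 4, 1): compare numerically, so 3.10.0 > 3.4.1."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class Advisory:
    ident: str
    slug: str
    fixed_in: str        # assumption: treated as the first fixed release
    editions: frozenset  # editions that ship the affected feature (assumed field)


@dataclass(frozen=True)
class Installed:
    slug: str
    version: str
    edition: str  # "lite" or "premium" (hypothetical inventory field)


ADVISORIES = [
    # Premium-only issue from the thread, threshold 3.4.1.
    Advisory("PLACEHOLDER-PREMIUM-SQL", "wpdatatables", "3.4.1", frozenset({"premium"})),
    # Hypothetical lite-only entry; exists only to exercise the code path.
    Advisory("PLACEHOLDER-LITE-ONLY", "wpdatatables", "2.1.5", frozenset({"lite"})),
]


def _outdated(plugin, adv):
    return plugin.slug == adv.slug and vtuple(plugin.version) < vtuple(adv.fixed_in)


def match_by_slug(plugin, advisories=ADVISORIES):
    """Slug + version only: the behaviour that flags every lite install."""
    return [a.ident for a in advisories if _outdated(plugin, a)]


def match_by_edition(plugin, advisories=ADVISORIES):
    """Also require the installed edition to be one the advisory covers."""
    return [a.ident for a in advisories
            if _outdated(plugin, a) and plugin.edition in a.editions]


def suppress_lite(plugin, advisories=ADVISORIES):
    """Blanket 'lite alerts are false': silences the real lite alert too."""
    return [] if plugin.edition == "lite" else match_by_slug(plugin, advisories)
```
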


The topic ‘false vulnerability reporting for lite version again and again’ is closed to new replies.