False Vulnerability Reports
-
Recently I’ve received multiple reports that Loco Translate is affected by GHSA-882J-4VJ5-7VMJ / CVE-2024-29042. This is false.
This GHSA/CVE applies only to the translate npm package (Node.js), as confirmed by the original GitHub Security Advisory and OSV/NVD records. Loco Translate is a PHP-based WordPress plugin, does not use npm or Node.js, and has no dependency on the affected package.
Source: https://github.com/advisories/GHSA-882j-4vj5-7vmj
If your malware scanner flags this, let the provider know their data produces a false positive.