Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Jack – BNFW

    (@voltronik)

    Hi @dsmistyflip,
    Thanks for your message and for your continued use of BNFW.

    Firstly, I want to assure you that there’s nothing to be concerned about at all.
    Secondly, and more annoyingly, you may have been contacted via email Re: Better Notifications for WP from a host. I received the same email from WP Engine yesterday myself. The email they sent out is inaccurate and I’ve spent much of the day speaking to people to ensure this doesn’t happen again.
    The vulnerability they’re referring to is in a Freemius SDK which has just been fixed by Freemius themselves; however, BNFW hasn’t used this SDK since 2018. Many hosts use the WP Scan database and for some reason, WP Scan haven’t kept their record for BNFW up-to-date, which has resulted in them marking *all* versions of BNFW as vulnerable, which isn’t true.
    Providing you’re using the latest version of BNFW, you should be fine and are not prone to this vulnerability.

    Hope the above makes sense.
    Apologies for this and thanks for using BNFW.

    Thread Starter dsmistyflip

    (@dsmistyflip)

    Thanks @voltronik – it did seem odd that 1000+ plugins seemed to be affected, but only ~15% appeared to have done anything about it. Must be very frustrating, but hopefully other users will see your note above and be reassured.
    Have a good one.

    Plugin Author Jack – BNFW

    (@voltronik)

    Thanks @dsmistyflip,
    It seems a few hosts have already offered apologies via a follow-up email.
    Fingers crossed this won’t happen again!

The topic ‘Freemius SDK XSS Vulnerability’ is closed to new replies.