Hi @locker17,
Just to quickly confirm, does your question concern this plugin? https://ww.wp.xz.cn/plugins/bp-better-messages/
It looks like our API is associating the Better Messages plugin with an already-resolved vulnerability in the Freemius SDK, which is what makes the plugin appear as vulnerable; even though the issue had already been patched.
If you’re already using the latest version of Better Messages on your site, no manual action is required to resolve this issue.
We’re going to investigate this right away, and I hope to be able to share an update about this one soon.
Kind regards, Jarno
-
This reply was modified 1 month, 1 week ago by
Jarno Vos.
Yes, confirmed. This is the plugin your alert is refering to.
Same here:
Multiple Plugins by emarket-design <= Multiple Versions – Unauthenticated Limited Remote Code Execution
I have version 4.0.2 installed and your plugin is marking it as high vulnerability. This is newer than the plugin where the issue was fixed.
Hi @ajtruckle,
Which plugin are you using from the developer “emarket-design” exactly?
If this concerns the plugin called “WP Easy Contact” and you’re using version 4.0.2 of that plugin, the notice is correct, as the issue had been patched in 4.0.3 and higher of the WP Easy Contact plugin. See: https://vulnerabilities.really-simple-security.com/plugin/wp-easy-contact/105368f2-1ea8-405b-b8f6-ace619493a44/
So, if your question indeed concerned the WP Easy Contact plugin specifically, you can update it to version 4.0.3 to resolve it & get rid of the warning about it.
Kind regards, Jarno
@jarnovos
No, it concerns Video Gallery – YouTube Gallery & Responsive Video Playlist
Hi @ajtruckle,
I see that you are correct: version 4.0.2 of the “Video Gallery” plugin is incorrectly being regarded as vulnerable.
You are not vulnerable to the described issue, if you are using the latest version (4.0.2) of the Video Gallery – YouTube Gallery & Responsive Video Playlist plugin (slug: youtube-showcase).
We hope to address these issues shortly and are actively investigating these reports. Sorry for the inconvenience.
Hi @locker17,
Similarly to the above, version 2.14.16 of the Better Messages plugin is incorrectly being regarded as vulnerable.
You are not vulnerable to the described issue if you are in fact using the latest version (2.14.16) of the Better Messages plugin.
Please excuse us for the inconvenience. We’re actively looking into these mismatches as described and hope to provide a definitive solution too.
Kind regards, Jarno
Hi @ajtruckle,
The issue has been resolved for the youtube-showcase plugin.
Once your site syncs the updated vulnerability data, any related notices should be cleared accordingly.
Syncing will happen automatically, but note that this may take a short time (~1 day) before being initiated.
Kind regards, Jarno
Hi @locker17,
As a quick update: this issue had also been resolved for BP Better Messages.
It will no longer incorrectly be marked as vulnerable when you’re already using the latest version (2.14.16).
Thanks again for raising the issue with us.
Kind regards, Jarno
