Title: Outdated Software and vulnerabilities Last modified: October 14, 2024 --- # Outdated Software and vulnerabilities * Resolved [Benixgo](https://wordpress.org/support/users/benixgo/) * (@benixgo) * [1 year, 8 months ago](https://wordpress.org/support/topic/outdated-software-and-vulnerabilities/) * Hi, I just installer the GamiPress plugin and a couple of hours later I get all these vulnerabilities warning from Sucuri : * vulnerable WP Fluent Forms plugin found at ./wp-content/plugins/gamipress/integrations/ fluentform/fluentform.php – Version: 1.0.1 Please update this plugin immediately: [https://wpscan.com/vulnerability/16070387-e2b2-4b97-8cd8-cc2db80a3995](https://wpscan.com/vulnerability/16070387-e2b2-4b97-8cd8-cc2db80a3995) * vulnerable LearnPress plugin found at ./wp-content/plugins/gamipress/integrations/ learnpress/learnpress.php – Version: 1.1.1 Please update this plugin immediately: [https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/](https://www.bleepingcomputer.com/news/security/75k-wordpress-sites-impacted-by-critical-online-course-plugin-flaws/) * vulnerable Download Manager plugin found at ./wp-content/plugins/gamipress/integrations/ download-manager/download-manager.php – Version: 1.0.0 Please update this plugin immediately: [https://wpscan.com/vulnerability/394007c5-7923-46fe-bb4c-2377d66ff900](https://wpscan.com/vulnerability/394007c5-7923-46fe-bb4c-2377d66ff900) * vulnerable Forminator – Contact Form, Payment Form & Custom Form Builder plugin found at ./wp-content/plugins/gamipress/integrations/forminator/forminator.php– Version: 1.0.9 Please update this plugin immediately: [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/forminator/forminator-1290-unauthenticated-stored-cross-site-scripting-via-file-upload](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/forminator/forminator-1290-unauthenticated-stored-cross-site-scripting-via-file-upload) * vulnerable Ninja Forms plugin found at ./wp-content/plugins/gamipress/integrations/ ninja-forms/ninja-forms.php – Version: 1.1.1 Please update this plugin immediately: [https://wpscan.com/vulnerability/8843d66b-e895-4336-afda-00b99442cdc1](https://wpscan.com/vulnerability/8843d66b-e895-4336-afda-00b99442cdc1) * vulnerable Easy Digital Downloads plugin found at ./wp-content/plugins/gamipress/ integrations/easy-digital-downloads/easy-digital-downloads.php – Version: 1.2.9 Please update this plugin immediately: [https://wpscan.com/vulnerability/1fa35321-fc1f-4770-b03c-06ad871dd18f](https://wpscan.com/vulnerability/1fa35321-fc1f-4770-b03c-06ad871dd18f) * vulnerable Events Made Easy plugin found at ./wp-content/plugins/gamipress/integrations/ events-manager/events-manager.php – Version: 1.0.3 Please update this plugin immediately: [https://blog.sucuri.net/2022/06/vulnerability-patch-roundup-june-2022.html](https://blog.sucuri.net/2022/06/vulnerability-patch-roundup-june-2022.html) * vulnerable Jetpack plugin found at ./wp-content/plugins/gamipress/integrations/ jetpack/jetpack.php – Version: 1.0.0 Please update this plugin immediately: [https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/](https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/) * vulnerable GiveWP plugin found at ./wp-content/plugins/gamipress/integrations/ give/give.php – Version: 1.0.0 Please update this plugin immediately: [https://wpscan.com/vulnerability/fdf7a98b-8205-4a29-b830-c36e1e46d990/](https://wpscan.com/vulnerability/fdf7a98b-8205-4a29-b830-c36e1e46d990/) Viewing 4 replies - 1 through 4 (of 4 total) * Moderator [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [1 year, 8 months ago](https://wordpress.org/support/topic/outdated-software-and-vulnerabilities/#post-18070410) * [@benixgo](https://wordpress.org/support/users/benixgo/) It looks like Sucuri is reading this plugin’s integration files as if they were the actual plugins they’re named after. * Taking this one for example: * > vulnerable Jetpack plugin found at ./wp-content/plugins/gamipress/integrations/ > jetpack/jetpack.php – Version: 1.0.0 Please update this plugin immediately: > [https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/](https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/) * If you were indeed using Jetpack 1.0.0 that would indeed be very bad. As the link mentions, there is a security vulnerability with Jetpack 12.1.1 and lower. * But, you don’t have to worry. The current version of [Jetpack](https://wordpress.org/plugins/jetpack/) is 13.9, has no known vulnerabilities, and the file in question is just version 1.0.0 of [GamiPress’s Jetpack integration](https://plugins.trac.wordpress.org/browser/gamipress/tags/7.1.1/integrations/jetpack/jetpack.php), which is, crucially, not the Jetpack plugin. * [@gamipress](https://wordpress.org/support/users/gamipress/) You might want to consider renaming those files, so something like this doesn’t happen. * Plugin Author [Ruben Garcia](https://wordpress.org/support/users/rubengc/) * (@rubengc) * [1 year, 8 months ago](https://wordpress.org/support/topic/outdated-software-and-vulnerabilities/#post-18070757) * Hi [@macmanx](https://wordpress.org/support/users/macmanx/) I’m Ruben, CEO at GamiPress & AutomatorWP * We do not know why Sucuri stills working with those files since they are not in the main directory where the plugin file should be placed We reported it several times to Sucuri to do not check files in subfolders as the main one, other security plugins already fixed it but seems that Sucuri is still working on this fix yet… * Moderator [James Huff](https://wordpress.org/support/users/macmanx/) * (@macmanx) * [1 year, 8 months ago](https://wordpress.org/support/topic/outdated-software-and-vulnerabilities/#post-18070848) * These security scanners are blunt instruments, they can only be as smart as their developers make them. * I can guess why Sucuri thought that `/wp-content/plugins/gamipress/integrations/ jetpack/jetpack.php` was `/wp-content/plugins/jetpack/jetpack.php` * It’s annoying, it should be fixed on Sucuri’s end, but it is plausible. * I think the only effective way forward, or at least the only way forward in your control, is to rename the files themselves, like `/integrations/jetpack/jetpack. php` to `/integrations/jetpack/gamipress-jetpack.php` * I know that’s a fair bit of work, but the confusion amongst your existing and future users will continue until either you do that or Sucuri finally fixes their scanner, and you can only control your own stuff. * Thread Starter [Benixgo](https://wordpress.org/support/users/benixgo/) * (@benixgo) * [1 year, 8 months ago](https://wordpress.org/support/topic/outdated-software-and-vulnerabilities/#post-18071466) * Ok that’s what I thought, thanks for the quick answers guys, I will also open a ticket with Sucuri, hope that helps! Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Outdated Software and vulnerabilities’ is closed to new replies. * ![](https://ps.w.org/gamipress/assets/icon-256x256.png?rev=1699714) * [GamiPress - Gamification plugin to reward points, achievements, badges & ranks in WordPress](https://wordpress.org/plugins/gamipress/) * [Frequently Asked Questions](https://wordpress.org/plugins/gamipress/#faq) * [Support Threads](https://wordpress.org/support/plugin/gamipress/) * [Active Topics](https://wordpress.org/support/plugin/gamipress/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/gamipress/unresolved/) * [Reviews](https://wordpress.org/support/plugin/gamipress/reviews/) ## Tags * [outdated](https://wordpress.org/support/topic-tag/outdated/) * [vulnerable](https://wordpress.org/support/topic-tag/vulnerable/) * 4 replies * 3 participants * Last reply from: [Benixgo](https://wordpress.org/support/users/benixgo/) * Last activity: [1 year, 8 months ago](https://wordpress.org/support/topic/outdated-software-and-vulnerabilities/#post-18071466) * Status: resolved