Here is the direct link to the Anywhere Elementor page’s results on the Wordfence site too, the latest issue is under the vulnerabilities area: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/anywhere-elementor
Hi @kspd1389
This is a false positive report. Our plugin is not affected by the above-mentioned vulnerability.
We have already reported to Wordfence regarding the issue. They have acknowledged it and will be fixing it from their end.
Hi @anandau14 ,
Thank you for responding and the clarification. The Wordfence network still appears to be identifying this as a vulnerability as I’ve received several more alerts today even since your reply but I am hoping they get their system updated soon given that it is a false positive report. I am going to mark this as resolved for now. Thanks again.
Hi @anandau14,
I just wanted to let you know that Wordfence is still sending out these emails alerts, I’ve received multiple email alerts now for each website that we have Anywhere Elementor installed on. Some websites have generated 3 alerts for this particular issue. I wanted to give a heads up in case Wordfence gave you an update on when they are planning to update things on their end for this? Thank you.
Hi @kspd1389
This is the response I got from Wordfence
Thank you for bringing this to our attention. We will get this fixed as soon as possible.
I am not sure about the process they follow in such cases.
We have already released an update yesterday. I think updating to 1.2.9 can fix those alerts. We have removed a blank folder of freemius SDK which I think is the reason why they marked our plugin as affected by the recent freemius vulnerability.
We removed the Freemius integration from our free plugin around 3 months back but a blank freemius folder remains there by mistake. Which was of course not harming in any way, but it seems Wordfence got confused by that.
