Vulnerability alerts

Hi @executekone,

You may have seen two WordPress Core issues being flagged recently. An oversight in how our Vulnerabilities API classified these particular entries caused them to show up much more broadly than they were originally intended to.

These issues should’ve behaved differently from ‘standard’ vulnerabilities; since there’s no practical “fixed version” of WordPress Core that you could install to make this risk go away, and exploitation of these two issues is considered highly unlikely without the presence of additional weaknesses.

We’ve corrected the API so these (and similar cases) are handled as we intended once more, and once your site syncs the updated vulnerability data, these WordPress Core notices should be cleared accordingly. Please note that syncing will happen automatically, but this may take a short time and will not happen instantly on every site.

As for the WP Staging plugin, if you’ve already updated to a patched version of that plugin; the notice about that should disappear as well after some time passes. If this does not happen, could you let me know which version of the WP Staging plugin you’re using (and whether this concerns the Free or Pro version)?

Kind regards, Jarno

Hi @executekone,

Appreciate the quick update here, I have taken a look at our data for the WP Staging plugin as well.

I can confirm that the notification was a false positive as WP Staging (Free) 4.7.3 is not vulnerable to this issue.

The short summary is that the alert fired as our system treated WP Staging Free like the Pro one for the version comparison. We’ve corrected this on our end already, so once your site re-syncs the new vulnerability data (~1 day), this warning should automatically disappear as a result.

Thanks again for letting us know about this.

Kind regards, Jarno

Hi @executekone,

Thanks a lot for confirming the solution, much appreciated.

Kind regards, Jarno