Wordfence still reporting free plugin as critical

  • techspecx

    (@techspecx)


    3 months, 3 weeks ago

    Hello Emre,

    I hope you’re doing well. Wordfence continues to flag version 1.4.3 as a concern. They’ve recommended, “To protect your site from this vulnerability, the safest option is to deactivate and completely remove ‘WP Fastest Cache’ until a patched version is released.” While I’d prefer not to remove it, I will consider doing so if these reports persist.

    Interestingly, one report categorizes it as critical, while another describes the vulnerability as low. I’m curious as to why Wordfence continues to signal this issue despite my multiple scans.

    Thank you for your ongoing support with this plugin.

    Best regards,
    techspecx

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Author Emre Vona

    (@emrevona)

    3 months, 3 weeks ago

    Actually, this warning has nothing to do with the free plugin, but I just released version 1.4.4 anyway. Let’s see if it gives the warning again.

    Thread Starter techspecx

    (@techspecx)

    3 months, 3 weeks ago

    Hi Emre,

    Thanks for your quick response. I conducted a Wordfence scan, and it still reports an issue with WP Fastest Cache. Although their webpage states that the vulnerable version is WP Fastest Cache Premium <= 1.7.4 and that we should update to version 1.7.5 or a newer patched version, my scan indicates:

    • Plugin Name: WP Fastest Cache
    • Current Plugin Version: 1.4.4
    • Details: To protect your site from this vulnerability, it’s safest to deactivate and completely remove “WP Fastest Cache” until a fixed version is available. More information
    • Vulnerability Information: Link
    • Vulnerability Severity: 3.5/10.0 (Low)

    I’ll reach out to WFPeter at Wordfence for more assistance or to keep him informed. If you believe everything is functioning properly on your end, it’s possible their software is mistakenly triggering the alert. Let me know if you need anything else.

    Best,
    techspecx

    Plugin Author Emre Vona

    (@emrevona)

    3 months, 3 weeks ago

    Releasing a new version didn’t help because this issue is related to the premium add-on. I don’t understand why emails regarding the premium version were sent to users who don’t have a premium subscription. 

    Plugin Author Emre Vona

    (@emrevona)

    3 months, 3 weeks ago

    I started a thread on the WordFence support forum, but it hasn’t been approved yet. I’m curious what kind of response they’ll give.

    Plugin Author Emre Vona

    (@emrevona)

    3 months, 3 weeks ago

    hi @fidukoff , you can continue with the following article.

    https://ww.wp.xz.cn/support/topic/about-wp-fastest-cache-premium-1-7-4-missing-authorization/#post-18757302

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.