Outdated Software and vulnerabilities | WordPress.org

[ad_1]

@benixgo It looks like Sucuri is reading this plugin’s integration files as if they were the actual plugins they’re named after.

Taking this one for example:

vulnerable Jetpack plugin found at ./wp-content/plugins/gamipress/integrations/jetpack/jetpack.php – Version: 1.0.0 Please update this plugin immediately: https://jetpack.com/blog/jetpack-12-1-1-critical-security-update/

If you were indeed using Jetpack 1.0.0 that would indeed be very bad. As the link mentions, there is a security vulnerability with Jetpack 12.1.1 and lower.

But, you don’t have to worry. The current version of Jetpack is 13.9, has no known vulnerabilities, and the file in question is just version 1.0.0 of GamiPress’s Jetpack integration, which is, crucially, not the Jetpack plugin.

@gamipress You might want to consider renaming those files, so something like this doesn’t happen.

Hi @macmanx

I’m Ruben, CEO at GamiPress & AutomatorWP

We do not know why Sucuri stills working with those files since they are not in the main directory where the plugin file should be placed

We reported it several times to Sucuri to do not check files in subfolders as the main one, other security plugins already fixed it but seems that Sucuri is still working on this fix yet…

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer