Wordfence Says Salient Theme is a Security Vulnerability

​Hi there, Wordfence is warning me that the Salient Core and Salient Shortcodes plugins have security vulnerabilities. I wonder if these are false positives, or if I need to do something to remove these vulnerabilities.

Salient seems to be a well regarded theme, so I doubt this security issue is a normal occurrence for users.

All my plugins are set to auto-update, so it's not an issue of needing to be updated. I use HostGator as my host and PHP version is 8.1.29

Many thanks!

5 Comments
  1. Popularity does not equal security. Hell even well written plugins have vulnerabilities from time to time (Advanced Custom Fields just had one recently I believe?)

    I would treat it as a true positive and patch that thing ASAP

  2. I doubt it is a “false positive” because vulnerabilities involve specific versions of plugins, and Wordfence is just telling you: “you use this version of this plugin which has this vulnerability.”

    It’s more of a factual statement rather than something that might be incorrectly flagged just for your site. Possible I’m proven wrong, but let’s walk through it:

    Next steps I would take:

    – Identify the specific vulnerability at reference. It will tell you what version of the plugins are affected. For example, [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/salient-core-2](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/salient-core-2) affects version 2.0.7 and older.

    – Double-check what version of the plugin you have. Is it older? If so, you may need to update it manually and figure out why it did not auto-update as expected.

  3. Are you running older versions of those plugins? You’ll need to update the salient theme for updates to show for those plugins.

  4. Your Salient version isn’t up to date.
    Install the Envato Market plugin so that your website receives updates notifications automatically. Note that after the theme updates, you then need to also manually updates the plugins as well, via Appearance > Install Plugins.

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer