Hi there, Wordfence is warning me that the Salient Core and Salient Shortcodes plugins have security vulnerabilities. I wonder if these are false positives, or if I need to do something to remove these vulnerabilities.
Salient seems to be a well regarded theme, so I doubt this security issue is a normal occurrence for users.
All my plugins are set to auto-update, so it's not an issue of needing to be updated. I use HostGator as my host and PHP version is 8.1.29
Many thanks!
Popularity does not equal security. Hell even well written plugins have vulnerabilities from time to time (Advanced Custom Fields just had one recently I believe?)
I would treat it as a true positive and patch that thing ASAP
I doubt it is a “false positive” because vulnerabilities involve specific versions of plugins, and Wordfence is just telling you: “you use this version of this plugin which has this vulnerability.”
It’s more of a factual statement rather than something that might be incorrectly flagged just for your site. Possible I’m proven wrong, but let’s walk through it:
Next steps I would take:
– Identify the specific vulnerability at reference. It will tell you what version of the plugins are affected. For example, [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/salient-core-2](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/salient-core-2) affects version 2.0.7 and older.
– Double-check what version of the plugin you have. Is it older? If so, you may need to update it manually and figure out why it did not auto-update as expected.
The current version is 16.4.0. If you are running an older version, then update. More info available [here](https://themenectar.com/changelogs/salient.html) regarding the fixes pushed in previous updates.
Are you running older versions of those plugins? You’ll need to update the salient theme for updates to show for those plugins.
Your Salient version isn’t up to date.
Install the Envato Market plugin so that your website receives updates notifications automatically. Note that after the theme updates, you then need to also manually updates the plugins as well, via Appearance > Install Plugins.