Countdown builder (3.0.1) has known security vulnerabilities

Hi @girdy74,

Thanks for bringing this up. I checked the WPScan report for the plugin countdown-builder and didn’t see any vulnerabilities flagged there for version 3.0.1. Are you seeing this flagged in your Jetpack Scan dashboard (https://cloud.jetpack.com/scan/)?

If you are, could you share the URL of your site where it’s flagged so we can investigate further? It might be a false positive, which we can escalate internally.

If you’d rather keep things private, you’re welcome to contact us via this form: [Contact Form]

Please include a link or reference to this forum thread when contacting us so we know what you’re referring to.

Thanks!

Hi @girdy74,

Thanks for sharing the screenshot, got it, and no worries at all. If your client doesn’t need the plugin, then removing it sounds like the right call.

I went ahead and tested version 3.0.1 of the plugin on my own test site but wasn’t able to trigger the same vulnerability alert, so for now, it does look like this was a false positive. If your client ever decides to use the plugin again, and if it gets flagged, feel free to reach back out, and we’ll take another look while it’s still active on the site.

Thanks again for sharing this, and let us know if you have any other questions! 🙂

Hi there, @girdy74,

You’re very welcome – hope we did help 🙂

I’m going to mark this thread as solved. If you have any further questions or need more help, you’re welcome to open another thread here. Cheers!