Title: False alert since update Last modified: September 12, 2016 --- # False alert since update * Resolved [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/) * Hello, * Since latest update 1.2 I get what it seems to be a false positive alert for plugin “SEO Redirection” for version 2.2 – which is from last year. Latest version of this plugin (installed) is 3.9 and a couple of weeks old. * I don’t really know whether the problem is here with this plugin or with the other one that might return a wrong version, but I got the alert only after updating this one. * Thanks! Viewing 15 replies - 1 through 15 (of 23 total) 1 [2](https://wordpress.org/support/topic/false-alert-since-update/page/2/?output_format=md) [→](https://wordpress.org/support/topic/false-alert-since-update/page/2/?output_format=md) * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8172462) * The same happens for “WP Media Cleaner”: I have version 2.6.0 installed but getting alert for version 2.2.6 * [Eusebiu Oprinoiu](https://wordpress.org/support/users/eusebiuoprinoiu/) * (@eusebiuoprinoiu) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8172884) * Hey, John! * The update was based on one of my suggestions. I checked both of your plugins and the vulnerabilities listed are not marked as fixed in the WPScan database. So as far as the plugin is concerned, it works as expected. They are not false positives because both plugins are listed as vulnerable. * SEO Redirection is fairly popular and the best course of action is to open a ticket on their [support forum](https://wordpress.org/support/plugin/seo-redirection) and ask if the vulnerability was fixed. If it was, they can request to have it marked as fixed. If it wasn’t, you should switch to another plugin. (SEO Redirection has 2 vulnerabilities listed in WPScan, in 2.2 and 2.8 and only the second one is marked as fixed) * WP Media Cleaner on the other hand, is definitely vulnerable. It was even removed from the WordPress Repository to prevent other people from using it. * Best regards, Eusebiu Oprinoiu * [Eusebiu Oprinoiu](https://wordpress.org/support/users/eusebiuoprinoiu/) * (@eusebiuoprinoiu) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8172910) * BTW, the version you see is not the version of your plugin, it is the version in which the vulnerability was detected. (And it only appears if your plugin does not contain a fix for it) * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8172966) * OK, thanks for this, well noted. Will follow your advice then. * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8181892) * The problem here is that we keep receiving email alerts for old vulnerabilities that were probably cleaned but not marked as fixed at the DB. * Is there a way to mark some vulnerabilities as “seen” and stop receiving email alerts every single day? * [Eusebiu Oprinoiu](https://wordpress.org/support/users/eusebiuoprinoiu/) * (@eusebiuoprinoiu) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8181949) * Hey, John! * WPScan is quite consistent at updating the vulnerability status even for the most obscure plugins, so if something is listed as not fixed, it probably isn’t. Don’t presume a plugin is clean just because a vulnerability is old. * I understand, however, in edge-case scenarios you might still want to keep a vulnerable plugin. In cases like that, an option to ignore certain vulnerabilities can be helpful. Perhaps Edir will be kind enough to implement such a feature in a future version. * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8181984) * Yes, that’s right, such option would be most welcome! * [Edir Pedro](https://wordpress.org/support/users/edir/) * (@edir) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8182002) * Hi guys, I’ll check that soon and look at the best way to do ignore such case. Probably I’ll have to create an ignore button for each vulnerability to hide it on emails and still notify new ones not fixed too. If you have ideas, write here. * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8182018) * Yes, that would be great! Another option would be to specify the amount of reminders a user wants to receive? One single one for each new vulnerability found or repeat with reminders every week/month/year… * [Eusebiu Oprinoiu](https://wordpress.org/support/users/eusebiuoprinoiu/) * (@eusebiuoprinoiu) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8182102) * I don’t think vulnerabilities should be ignored / hidden entirely. They should all be listed on the plugin dashboard. Postponing the emails is not ideal either. People should be notified as soon as a new vulnerability is detected. Since each vulnerability has a unique ID, you could dynamically build a list of checkboxes with al the vulnerabilities detected. Then, when the cron job runs, if there is at least one checkbox empty, send the email. * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8190489) * Here’s an example of the problem I’m talking about: [https://wordpress.org/support/topic/vulnerabilitiy-alert/](https://wordpress.org/support/topic/vulnerabilitiy-alert/) * Plugin or theme authors make updates that include vulnerability fixes but don’t bother to mark them as fixed. * In such cases it’s useful to be able to stop receiving alerts. * [Edir Pedro](https://wordpress.org/support/users/edir/) * (@edir) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8190538) * Hi John. I’ll check that this weekend, right now I’m very busy on a project. * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8190572) * No problem, nothing urgent for me, this was just FYI – nothing more. Thanks! * [Edir Pedro](https://wordpress.org/support/users/edir/) * (@edir) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8198186) * Ok guys, I built it this Sunday, could you test it for me before I publish? Just download and drag the folder to your WP site. * [https://github.com/edirpedro/vulnerability-alerts/archive/master.zip](https://github.com/edirpedro/vulnerability-alerts/archive/master.zip) * Thread Starter [John](https://wordpress.org/support/users/dsl225/) * (@dsl225) * [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/#post-8198330) * Is this an update of the previous version or a new package? * As the name is different, I tried to install it as a new package (and deactivated the previous one) but it didn’t work. * I got this: * > Unpacking the package… > Installing the plugin… > The package could not be installed. No valid plugins were found. > Plugin install failed. Viewing 15 replies - 1 through 15 (of 23 total) 1 [2](https://wordpress.org/support/topic/false-alert-since-update/page/2/?output_format=md) [→](https://wordpress.org/support/topic/false-alert-since-update/page/2/?output_format=md) The topic ‘False alert since update’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/vulnerability-alerts_3a474e.svg) * [Vulnerability Alerts](https://wordpress.org/plugins/vulnerability-alerts/) * [Support Threads](https://wordpress.org/support/plugin/vulnerability-alerts/) * [Active Topics](https://wordpress.org/support/plugin/vulnerability-alerts/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/vulnerability-alerts/unresolved/) * [Reviews](https://wordpress.org/support/plugin/vulnerability-alerts/reviews/) * 23 replies * 3 participants * Last reply from: [John](https://wordpress.org/support/users/dsl225/) * Last activity: [9 years, 9 months ago](https://wordpress.org/support/topic/false-alert-since-update/page/2/#post-8202481) * Status: resolved