foobox-image-lightbox 2.7.17 is detected as 2.7.16 by wpsec.com and hackertarget

  • Resolved dmerlitti

    (@dmerlitti)


    1 year, 9 months ago

    I don’t think this is a software related issue but it can be usefull to know that both wpsec.com and hackertarget.com detect the foobox-image-lightbox version 2.7.17 as it were 2.7.16 and suggest updating to 2.7.17. The vulnerability detected is “Unauthorised AJAX Calls via Freemius” [https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a].

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support elviiso

    (@elviiso)

    1 year, 9 months ago

    Hi @dmerlitti

    Thanks for alerting us to this development.

    First, as you can see from here, this security issue was patched successfully and resolved.

    What is happening in the case of those security websites is that they haven’t updated their databases and so they are unfortunately still showing that the issue – which was patched months ago actually – still exists, which is not the case. This is something common with many of these security sites and plugins.

    They will eventually update their database and virus definitions and take our plugin off that list.

    Kind regards,
    Elvis.

    Thread Starter dmerlitti

    (@dmerlitti)

    1 year, 9 months ago

    Hi @elviiso

    thanks so much for you prompt reply.

    What you say is clear to me but the strange thing is that two different web sites with the exact same plugin version give different results.

    I’ll wait some time and repeat the scan to see if the problem goes away.

    Bests

    Davide

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘foobox-image-lightbox 2.7.17 is detected as 2.7.16 by wpsec.com and hackertarget’ is closed to new replies.