ZLC
(@kindnessville)
I got this message too. I’ve deleted the plugin until I learn more. Adding to this thread to stay in the loop.
Hi @tneveu @kindnessville,
Thanks for reaching out to us. We are currently verifying this vulnerability, and you can rest assured that we will address it as soon as possible.
Thanks for your patience.
Kind Regards,
Mej, Widget Options Team
Hi @tneveu @kindnessville,
A new version has been released. Could you please update to the latest version and let us know if the vulnerability is resolved on your end?
Looking forward to your updates!
JetPack Protect is still showing it as a security vulnerability but they changed the version number to 4.2.2. Maybe you can contact Automattic to find out what the issue is?
This is a common issue I’ve seen before. Jetpack uses the WPScan database, which is notorious for slow updates. For example, this entry (https://wpscan.com/vulnerability/2b5919a6-bb6d-4cf1-b6ef-cd17a3b818d6/) is still listed as ‘no known fix’ on WPScan, even though the Wordfence report confirms it’s already patched. Jetpack flags new versions as vulnerable simply because its data source hasn’t been updated yet.
Hi Dear users,
Upon further investigation, it appears that Wordfence has not yet reviewed our patch for the previously reported vulnerability. Because of this, some security plugins may still flag the current version of the Widget Options plugin as vulnerable.
Once Wordfence publishes the updated patch review on their end, these security notices should automatically be resolved.
We’re still waiting for an update from the Wordfence team, and we’ll make sure to keep this thread updated as soon as we hear back from them.
Thanks for your patience!
Thanks for keeping us in the loop. Much appreciated.
