Announcement

**alevchenko** · 10-04-2023, 06:29 AM

Hi,
To provide you with a more accurate answer, would you please share the notice in question?

**fabdub** · 10-10-2023, 03:44 PM

Originally posted by alevchenko View Post

Hi,
To provide you with a more accurate answer, would you please share the notice in question?

Dear Administrator,

This message is to provide you important information regarding web server security. Please note that the following software in your environment is considered to be outdated or vulnerable:

woocommerce version 8.1.1 that is located at /home/REDACTED/public_html/staging has vulnerability(s):
PRION:CVE-2021-32790
woocommerce version 8.1.1 that is located at /home/REDACTED/public_html has vulnerability(s):
PRION:CVE-2021-32790
woocommerce version 8.1.1 that is located at /home/REDACTED/public_html has vulnerability(s):
PRION:CVE-2021-32790
woocommerce version 8.1.1 that is located at /home/REDACTED/public_html/staging has vulnerability(s):
PRION:CVE-2021-32790
woocommerce-direct-checkout version 3.2.4 that is located at /home/REDACTED/public_html/staging is outdated
The recommended for use version of this software is 3.2.5

1 more items found.

Please do the following:

Option 1: Make sure WordPress administrator(s) responsible install the necessary updates.

OR

Option 2: Upgrade from ImunifyAV to Imunify360 to cut down the risks that come with outdated software.

If you have any questions, please contact our support team.

All the best,
Imunify360 Security Team
Manage subscriptions

The system generated this notice on Sunday, October 1, 2023 at 4:58:12 AM UTC.

“Imunify::Generic” notifications are currently configured to have an importance of “High”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: (redacted)

Do not reply to this automated message.

**alevchenko** · 10-16-2023, 04:05 PM

Hello,

Consulted with our specialized team and was informed that this has been already addressed to the developers for investigation (for checking WooCommerce CVE-2021-32790).

There is no ETA for now as such tasks can be researched for weeks so I'd recommend monitoring our changelog https://changelog.imunify.com/

**mchernyavsky** · 10-30-2023, 11:25 AM

Greetings,

In regard to the CVE-2021-32790, this Woocommerce plugin vulnerability was covered on July 16, 2021 with rule 77316858.
We also recommend keeping your plugins, themes and core updated.

**dave518** · 05-21-2024, 01:06 PM

I'm running into a similar issue, but with WPForms Pro:

wpforms version 1.8.8.3 that is located at /home/user/public_html has vulnerability(s):
CVE-2023-30500
CVE-2023-7063

1.8.8.3 is the latest version and is not vulnerable, and I keep all the WP sites I manage fully secured / updated in all regards at all times.

I've started a new post/thread with more details and just waiting for it to be approved by moderators.

**alevchenko** · 06-07-2024, 12:58 PM

fabdub Thanks for the email provided!

The same issue was reported by dave518 too and I'd like to inform you that this issue is known to our team and we already have an internal task to fix incorrect vulners data for WordPress plugins. ETA for fix is about a month (reported a week ago), so for now you can ignore it or disable notifications as described at https://blog.imunify360.com/how-to-m...-notifications

Announcement

Notice of Vulnerabilities from Imunify360 for WooCommerce on cPanel

Notice of Vulnerabilities from Imunify360 for WooCommerce on cPanel

Comment

Comment

Comment

Comment

Comment

Comment