Announcement

Collapse
No announcement yet.

Notice of Vulnerabilities from Imunify360 for WooCommerce on cPanel

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Notice of Vulnerabilities from Imunify360 for WooCommerce on cPanel

    We recently received a notice from Imunify360 regarding vulnerabilities in WooCommerce version 8.1.1 (PRION:CVE-2021-32790) on our server. However, the vulnerabilities mentioned are dated from 2021.
    We were wondering if this is a bug or if action is needed on our end to address these vulnerabilities?

  • #2
    Hi,
    To provide you with a more accurate answer, would you please share the notice in question?

    Comment


    • #3
      Originally posted by alevchenko View Post
      Hi,
      To provide you with a more accurate answer, would you please share the notice in question?
      Dear Administrator,

      This message is to provide you important information regarding web server security. Please note that the following software in your environment is considered to be outdated or vulnerable:
      • woocommerce version 8.1.1 that is located at /home/REDACTED/public_html/staging has vulnerability(s):
      • PRION:CVE-2021-32790
      • woocommerce version 8.1.1 that is located at /home/REDACTED/public_html has vulnerability(s):
      • PRION:CVE-2021-32790
      • woocommerce version 8.1.1 that is located at /home/REDACTED/public_html has vulnerability(s):
      • PRION:CVE-2021-32790
      • woocommerce version 8.1.1 that is located at /home/REDACTED/public_html/staging has vulnerability(s):
      • PRION:CVE-2021-32790
      • woocommerce-direct-checkout version 3.2.4 that is located at /home/REDACTED/public_html/staging is outdated
        The recommended for use version of this software is 3.2.5

      1 more items found.

      Please do the following:
      • Option 1: Make sure WordPress administrator(s) responsible install the necessary updates.
      OR
      • Option 2: Upgrade from ImunifyAV to Imunify360 to cut down the risks that come with outdated software.

      If you have any questions, please contact our support team.

      All the best,
      Imunify360 Security Team
      Manage subscriptions
      The system generated this notice on Sunday, October 1, 2023 at 4:58:12 AM UTC.

      “Imunify::Generic” notifications are currently configured to have an importance of “High”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: (redacted)

      Do not reply to this automated message.

      Copyright© 2023 cPanel, L.L.C.

      Comment


      • #4
        Hello,

        Consulted with our specialized team and was informed that this has been already addressed to the developers for investigation (for checking WooCommerce CVE-2021-32790).

        There is no ETA for now as such tasks can be researched for weeks so I'd recommend monitoring our changelog https://changelog.imunify.com/

        Comment


        • #5
          Greetings,

          In regard to the CVE-2021-32790, this Woocommerce plugin vulnerability was covered on July 16, 2021 with rule 77316858.
          We also recommend keeping your plugins, themes and core updated.​

          Comment


          • #6
            I'm running into a similar issue, but with WPForms Pro:

            wpforms version 1.8.8.3 that is located at /home/user/public_html has vulnerability(s):
            CVE-2023-30500
            CVE-2023-7063​


            1.8.8.3 is the latest version and is not vulnerable, and I keep all the WP sites I manage fully secured / updated in all regards at all times.

            I've started a new post/thread with more details and just waiting for it to be approved by moderators.

            Comment


            • #7
              fabdub Thanks for the email provided!

              The same issue was reported by dave518 too and I'd like to inform you that this issue is known to our team and we already have an internal task to fix incorrect vulners data for WordPress plugins. ETA for fix is about a month (reported a week ago), so for now you can ignore it or disable notifications as described at https://blog.imunify360.com/how-to-m...-notifications

              Comment

              Working...
              X