If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Announcement
Collapse
No announcement yet.
Notice of Vulnerabilities from Imunify360 for WooCommerce on cPanel
Notice of Vulnerabilities from Imunify360 for WooCommerce on cPanel
We recently received a notice from Imunify360 regarding vulnerabilities in WooCommerce version 8.1.1 (PRION:CVE-2021-32790) on our server. However, the vulnerabilities mentioned are dated from 2021.
We were wondering if this is a bug or if action is needed on our end to address these vulnerabilities?
Hi,
To provide you with a more accurate answer, would you please share the notice in question?
Dear Administrator,
This message is to provide you important information regarding web server security. Please note that the following software in your environment is considered to be outdated or vulnerable:
woocommerce version 8.1.1 that is located at /home/REDACTED/public_html/staging has vulnerability(s):
PRION:CVE-2021-32790
woocommerce version 8.1.1 that is located at /home/REDACTED/public_html has vulnerability(s):
PRION:CVE-2021-32790
woocommerce version 8.1.1 that is located at /home/REDACTED/public_html has vulnerability(s):
PRION:CVE-2021-32790
woocommerce version 8.1.1 that is located at /home/REDACTED/public_html/staging has vulnerability(s):
PRION:CVE-2021-32790
woocommerce-direct-checkout version 3.2.4 that is located at /home/REDACTED/public_html/staging is outdated
The recommended for use version of this software is 3.2.5
1 more items found.
Please do the following:
Option 1: Make sure WordPress administrator(s) responsible install the necessary updates.
OR
Option 2: Upgrade from ImunifyAV to Imunify360 to cut down the risks that come with outdated software.
If you have any questions, please contact our support team.
The system generated this notice on Sunday, October 1, 2023 at 4:58:12 AM UTC.
“Imunify::Generic” notifications are currently configured to have an importance of “High”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: (redacted)
Consulted with our specialized team and was informed that this has been already addressed to the developers for investigation (for checking WooCommerce CVE-2021-32790).
There is no ETA for now as such tasks can be researched for weeks so I'd recommend monitoring our changelog https://changelog.imunify.com/
In regard to the CVE-2021-32790, this Woocommerce plugin vulnerability was covered on July 16, 2021 with rule 77316858.
We also recommend keeping your plugins, themes and core updated.
The same issue was reported by dave518 too and I'd like to inform you that this issue is known to our team and we already have an internal task to fix incorrect vulners data for WordPress plugins. ETA for fix is about a month (reported a week ago), so for now you can ignore it or disable notifications as described at https://blog.imunify360.com/how-to-m...-notifications
We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.
By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.
Tweet
Comment