Tweet
A similar event as someone else detailed in https://forum.cloudlinux.com/forum/i...erce-on-cpanel , but with WPForms Pro plugin for WordPress.
1.8.8.3 is the current version and does not have any vulnerabilities, and has been running on my user's sites since April 26. But starting on May 10, ImunifyAV started reporting an old vulnerability from 2023 as follows:
------------------
Immediate Update Needed for WordPress Security
Dear Administrator,
We've detected vulnerable WordPress versions in your system:
wpforms version 1.8.8.3 that is located at /home/user/public_html has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
wpforms version 1.8.8.3 that is located at /home/user/public_html/subdomain has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
wpforms version 1.8.8.3 that is located at /home/user/public_html/subdomain has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
wpforms version 1.8.8.3 that is located at /home/user/public_html/subdomain has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
1 more items found.
Quick Steps to Secure:
Alert WordPress admin(s) to update ASAP.
Upgrade to Imunify360 for broader security coverage.
Questions? Our team is here to help.
Stay Safe,
Imunify360 Security Team
Manage subscriptions
The system generated this notice on Monday, May 20, 2024 at 7:42:43 AM UTC.
“Imunify::Generic” notifications are currently configured to have an importance of “Low”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: hostname:2087/scripts2/editcontact?event=Application
Do not reply to this automated message.
-------------------
Also seems strange that the support team links in these messages link to https://www.imunify360.com/newsletter-thank-you/ (with an added unique ID on the end) which takes me to a "Thank you! You have signed up for our newsletter." page.
I know I could just disable the alerts, but I would much rather know if / when / why ImunifyAV is reporting incorrectly.
Thanks for any assist!
1.8.8.3 is the current version and does not have any vulnerabilities, and has been running on my user's sites since April 26. But starting on May 10, ImunifyAV started reporting an old vulnerability from 2023 as follows:
------------------
Immediate Update Needed for WordPress Security
Dear Administrator,
We've detected vulnerable WordPress versions in your system:
wpforms version 1.8.8.3 that is located at /home/user/public_html has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
wpforms version 1.8.8.3 that is located at /home/user/public_html/subdomain has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
wpforms version 1.8.8.3 that is located at /home/user/public_html/subdomain has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
wpforms version 1.8.8.3 that is located at /home/user/public_html/subdomain has vulnerability(s):
CVE-2023-30500
CVE-2023-7063
1 more items found.
Quick Steps to Secure:
Alert WordPress admin(s) to update ASAP.
Upgrade to Imunify360 for broader security coverage.
Questions? Our team is here to help.
Stay Safe,
Imunify360 Security Team
Manage subscriptions
The system generated this notice on Monday, May 20, 2024 at 7:42:43 AM UTC.
“Imunify::Generic” notifications are currently configured to have an importance of “Low”. You can change the importance or disable this type of notification in WHM’s Contact Manager at: hostname:2087/scripts2/editcontact?event=Application
Do not reply to this automated message.
-------------------
Also seems strange that the support team links in these messages link to https://www.imunify360.com/newsletter-thank-you/ (with an added unique ID on the end) which takes me to a "Thank you! You have signed up for our newsletter." page.
I know I could just disable the alerts, but I would much rather know if / when / why ImunifyAV is reporting incorrectly.
Thanks for any assist!
Comment