advanced-custom-fields version 6.3.12 has vulnerability(s)

  • paul
    Junior Member
    Forum Explorer
    • Mar 2021
    • 13

    #1

    advanced-custom-fields version 6.3.12 has vulnerability(s)

    I am getting this notice...

    advanced-custom-fields version 6.3.12 that is located at /home/zzz/public_html has vulnerability(s):
    PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
    advanced-custom-fields version 6.3.12 that is located at /home/yyy/public_html has vulnerability(s):
    PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
    advanced-custom-fields version 6.3.12 that is located at /home/xxx/public_html has vulnerability(s):
    PATCHSTACK:BD9D311515BB184495B0975518D5B4E0

    However, Patchstack has "No known vulnerabilities found" and the changelog shows the latest release is 6.3.12: https://www.advancedcustomfields.com/changelog/

    Any ideas about what's going on?
  • alevchenko
    Administrator
    • Mar 2023
    • 86

    #2
    Hi Paul,

    Please mind that ImunifyAV collects information about vulnerable/outdated software with the help of third-party providers, in this case, Patchstack. The emails are then sent for informational purposes to customers in order to prevent possible infections by taking the recommended actions.

    I see we had another report regarding PATCHSTACK:BD9D311515BB184495B0975518D5B4E0 which was reported to our developers.

    According to them, this was an incorrect date from vulners: https://vulners.com/patchstack/PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
    Currently, we removed this record from our service, suppressing this notification.

    Please let us know if notifications are still delivered to you.


    • paul
      Junior Member
      Forum Explorer
      • Mar 2021
      • 13

      #3
      Originally posted by alevchenko
      Hi Paul,

      Please mind that ImunifyAV collects information about vulnerable/outdated software with the help of third-party providers, in this case, Patchstack. The emails are then sent for informational purposes to customers in order to prevent possible infections by taking the recommended actions.

      I see we had another report regarding PATCHSTACK:BD9D311515BB184495B0975518D5B4E0 which was reported to our developers.

      According to them, this was an incorrect date from vulners: https://vulners.com/patchstack/PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
      Currently, we removed this record from our service, suppressing this notification.

      Please let us know if notifications are still delivered to you.
      Thanks for your reply. Unfortunately, notifications are still being sent as of today.


      • paul
        Junior Member
        Forum Explorer
        • Mar 2021
        • 13

        #4
        OK, I just got this today ....

        Dear Administrator,

        This message is to provide you important information regarding web server security. Please note that the following software in your environment is considered to be outdated or vulnerable:
        • advanced-custom-fields version 6.3.12 that is located at /home/xxx0/public_html has vulnerability(s):
          • PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
        • advanced-custom-fields version 6.3.12 that is located at /home/xxx1/public_html has vulnerability(s):
          • PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
        • advanced-custom-fields version 6.3.12 that is located at /home/xxx2/public_html has vulnerability(s):
          • PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
        • better-font-awesome version 2.0.4 that is located at /home/xxxx3/public_html has vulnerability(s):
          • PATCHSTACK214DC9DB7704421BD0A514BE0AE4E29
        All the Patchstack IDs are wrong, wrong version, wrong plugin.

        Do I need to put in a support request, as I can't trust the data it is sending and it is misleading?


        • paul
          Junior Member
          Forum Explorer
          • Mar 2021
          • 13

          #5
          Originally posted by paul
          OK, I just got this today ....



          All the Patchstack IDs are wrong, wrong version, wrong plugin.

          Do I need to put in a support request, as I can't trust the data it is sending and it is misleading?
          e.g.

          better-font-awesome https://wordpress.org/plugins/better-font-awesome/ version 2.0.4 is installed

          However, the report says PATCHSTACK214DC9DB7704421BD0A514BE0AE4E29 which is for https://wordpress.org/plugins/font-awesome/ 4.0.0-RC15 - 4.0.0-RC16 (11 Mar 2020)
          https://wordpress.org/plugins/better-font-awesome/, a totally different plugin


          • alevchenko
            Administrator
            • Mar 2023
            • 86

            #6
            Hi Paul,

            Please submit a ticket to our Support Team so that our Engineers can better assist you with this case: https://cloudlinux.zendesk.com/agent/
            If the situation requires our developers' involvement, our team will assist you more efficiently via the ticket.

            We'll monitor the case and post the outcome in this thread for further reference by other forum visitors.
