advanced-custom-fields version 6.3.12 has vulnerability(s)

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • akots
    replied
    Hi Paul,

    Please submit a ticket to our Support Team so that our Engineers can better assist you with this case: https://cloudlinux.zendesk.com/agent/
    If the situation requires our developers' involvement, our team will assist you more efficiently via the ticket.

    We'll monitor the case and post the outcome in this thread for further reference by other forum visitors.

      Leave a comment:

    • paul
      replied
      Originally posted by paul
      OK, I just got this today ....



      All the Patchstack ID's are wrong, wrong version, wrong plugin.

      Do i need to put in a support request as I can't trust the data it is sending and it is misleading?
      eg

      better-font-awesome https://wordpress.org/plugins/better-font-awesome/ version 2.0.4 is installed

      However the report says PATCHSTACK214DC9DB7704421BD0A514BE0AE4E29 which is for https://wordpress.org/plugins/font-awesome/ 4.0.0-RC15 - 4.0.0-RC16 (11 Mar 2020)
      https://wordpress.org/plugins/better-font-awesome/, a totally different plugin

        Leave a comment:

      • paul
        replied
        OK, I just got this today ....

        Dear Administrator,

        This message is to provide you important information regarding web server security. Please note that the following software in your environment is considered to be outdated or vulnerable:
        • advanced-custom-fields version 6.3.12 that is located at /home/xxx0/public_html has vulnerability(s):
          • PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
        • advanced-custom-fields version 6.3.12 that is located at /home/xxx1/public_html has vulnerability(s):
          • PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
        • advanced-custom-fields version 6.3.12 that is located at /home/xxx2/public_html has vulnerability(s):
          • PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
        • better-font-awesome version 2.0.4 that is located at /home/xxxx3/public_html has vulnerability(s):
          • PATCHSTACK214DC9DB7704421BD0A514BE0AE4E29
        All the Patchstack ID's are wrong, wrong version, wrong plugin.

        Do i need to put in a support request as I can't trust the data it is sending and it is misleading?

          Leave a comment:

        • paul
          replied
          Originally posted by alevchenko
          Hi Paul,

          Please mind that ImunifyAV collects information about vulnerable/outdated software with the help of third-party providers, in this case, Patchstack, the emails are then sent for informational purposes to customers in order to prevent possible infections by taking the recommended actions.​

          I see we had another report regarding PATCHSTACK:BD9D311515BB184495B0975518D5B4E0 which was reported to our developers.

          According to them, this was an incorrect date from vulners: https://vulners.com/patchstack/PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
          Currently, we removed this record from our service, suppressing this notification.

          Please let us know if notifications are still delivered to you.
          Thanks for your reply, unfortunately notifications are still being sent as of today.

            Leave a comment:

          • akots
            replied
            Hi Paul,

            Please mind that ImunifyAV collects information about vulnerable/outdated software with the help of third-party providers, in this case, Patchstack, the emails are then sent for informational purposes to customers in order to prevent possible infections by taking the recommended actions.​

            I see we had another report regarding PATCHSTACK:BD9D311515BB184495B0975518D5B4E0 which was reported to our developers.

            According to them, this was an incorrect date from vulners: https://vulners.com/patchstack/PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
            Currently, we removed this record from our service, suppressing this notification.

            Please let us know if notifications are still delivered to you.

              Leave a comment:

            • paul
              started a topic advanced-custom-fields version 6.3.12 has vulnerability(s)

              advanced-custom-fields version 6.3.12 has vulnerability(s)

              I am getting this notice...

              advanced-custom-fields version 6.3.12 that is located at /home/zzz/public_html has vulnerability(s):
              PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
              advanced-custom-fields version 6.3.12 that is located at /home/yyy/public_html has vulnerability(s):
              PATCHSTACK:BD9D311515BB184495B0975518D5B4E0
              advanced-custom-fields version 6.3.12 that is located at /home/xxx/public_html has vulnerability(s):
              PATCHSTACK:BD9D311515BB184495B0975518D5B4E0​

              However Patchstack has no No known vulnerabilities found and changelogs show latest release is 6.3.12 https://www.advancedcustomfields.com/changelog/

              Any ideas about what's going on?
              Tags: None
              Previous template Next
              Working...

              We process personal data about users of our site, through the use of cookies and other technologies, to deliver our services, personalize advertising, and to analyze site activity. We may share certain information about our users with our advertising and analytics partners. For additional details, refer to our Privacy Policy.

              By clicking "I AGREE" below, you agree to our Privacy Policy and our personal data processing and cookie practices as described therein. You also acknowledge that this forum may be hosted outside your country and you consent to the collection, storage, and processing of your data in the country where this forum is hosted.

              I Agree