WordPress Toolkit found site vulnerabilities

[kgs]

Howdy,

WordPress Toolkit sent me a notification this morning. I have already contacted the plugin author. The plugin in question was updated 2 weeks ago, and I'm running the current version of both WP and the plugin. The notification listed the name of the plugin and the version number.

Site Vulnerabilities Found: WordPress Toolkit has detected known vulnerabilities on WordPress sites under your care. It is strongly recommended to update or disable vulnerable assets on these sites.

My question is: from where does CPanel/Wordpress Toolkit determine what is a known vulnerability? Is there a list somewhere? I'm seeing no indication anywhere else that there is an issue with this actively maintained plugin with 50,000+ active installations.

Thanks!

 

[cPRex]

Hey there! Let me poke the team and I'll see what they have to say!

 

[cPRex]

I confirmed with the team that "vulnerability info is fetched from our service in real-time" so if you're seeing odd behavior with that tool could you please submit a ticket to our team so we can check the affected server?

 

[cPRex]

Update - the information is pulled on an hourly basis from the Patchstack vulnerability database. Each vulnerability shown in WPT has a link to the details page on the Patchstack website.

If those aren't working how you expect, a ticket will still be the best way to get that examined.