ttrowell closed 1 year ago
In the Statuses for the Development Environment, the Plugins section is showing a vulnerability for an old version of a plugin that I do not have installed. I have a much newer version installed.
Can you provide the output of wp plugin list for the environment?
$ wp plugin list
+------------------------+----------+--------+---------+
| name | status | update | version |
+------------------------+----------+--------+---------+
| advanced-custom-fields | active | none | 4.4.6 |
| gravityforms | active | none | 1.9.18 |
| LayerSlider | active | none | 5.6.3 |
| media-search-enhanced | active | none | 0.8.0 |
| office-move-pro | active | none | 0.02 |
| safe-svg | active | none | 1.2.0 |
| wordpress-seo | active | none | 3.1.2 |
| pantheon | must-use | none | 0.1 |
+------------------------+----------+--------+---------+
Thanks @RichAyotte. WP Launch Check is reporting the vulnerability because it understands LayerSlider to be at version 5.6.3.
To this statement: "I have a much newer version installed."
Can you verify that the newer version is actually installed?
5.6.3 is installed and not vulnerable according to the author.
WP Launch Check is reporting the vulnerability because it understands LayerSlider to be at version 4.6.1, not the actually installed version 5.6.3.
The plugin version is 2.02.05 but the status is showing 2 vulnerabilities: https://wpvulndb.com/plugins/formidable.
The latest known vulnerability was fixed in version 2.0.
Here's the output for wp plugin list:
Case #69083
I haven't been able to reproduce this exact problem, but in investigating, I've found something potentially related.
Here's a Pantheon site where wp plugin list on the Dev environment correctly reports that some plugins have updates available.
terminus wp redacted.dev -- plugin list
+-------------------------+----------+-----------+---------+
| name | status | update | version |
+-------------------------+----------+-----------+---------+
| akismet | inactive | available | 3.1.5 |
| debug-bar | active | none | 0.8.4 |
| dependency-minification | active | none | 0.9.8 |
| wp-gfm | active | none | 0.8 |
| hello | inactive | none | 1.6 |
| redirection | active | available | 2.4.4 |
| timber | active | none | 0.22.1 |
| debug-bar-timber | active | none | 0.3 |
| wp-github-sync | active | available | 1.6.1 |
| pantheon | must-use | none | 0.1 |
+-------------------------+----------+-----------+---------+
The Test and Live environments have the same versions of the plugins but do not report updates as being available:
terminus wp redacted.test -- plugin list
+-------------------------+----------+--------+---------+
| name | status | update | version |
+-------------------------+----------+--------+---------+
| akismet | inactive | none | 3.1.5 |
| debug-bar | active | none | 0.8.4 |
| dependency-minification | active | none | 0.9.8 |
| wp-gfm | active | none | 0.8 |
| hello | inactive | none | 1.6 |
| redirection | active | none | 2.4.4 |
| timber | active | none | 0.22.1 |
| debug-bar-timber | active | none | 0.3 |
| wp-github-sync | active | none | 1.6.1 |
| pantheon | must-use | none | 0.1 |
+-------------------------+----------+--------+---------+
The output of Launch Check is similar. Dev knows about the updates being available:
But Live does not:
I'm seeing this behavior as well, seemingly across lots of plugins. Launch check (status tab) shows similar output.
terminus wp [site].live plugin list
+---------------------------------------+----------+--------+---------+
| name | status | update | version |
+---------------------------------------+----------+--------+---------+
| akismet | inactive | none | 3.1.5 |
| contact-form-7 | active | none | 5.0 |
| contact-form-7-simple-recaptcha | active | none | 0.0.2 |
| contact-form-cfdb7 | active | none | 1.1.6 |
| envato-wordpress-toolkit | active | none | 1.7.2 |
| hello | inactive | none | 1.6 |
| LayerSlider | inactive | none | 5.6.9 |
| kiwi-logo-carousel | active | none | 1.7.4 |
| mailchimp | active | none | 1.5.7 |
| wp-native-php-sessions | active | none | 0.6.5 |
| popup-by-supsystic | active | none | 1.9.17 |
| popup-maker | inactive | none | 1.6.6 |
| qode-instagram-widget | active | none | 1.1 |
| qode-twitter-feed | active | none | 1.0 |
| revslider | active | none | 5.1 |
| ultimate-carousel-for-visual-composer | active | none | 2.4 |
| js_composer | active | none | 4.12 |
| wp-client-logo-carousel | inactive | none | 3.0.0 |
| wpforms-lite | active | none | 1.4.4.1 |
| wp-slick-slider-and-image-carousel | inactive | none | 1.3.4 |
| pantheon | must-use | none | 0.1 |
+---------------------------------------+----------+--------+---------+
terminus wp [site].dev plugin list
+---------------------------------------+----------+-----------+---------+
| name | status | update | version |
+---------------------------------------+----------+-----------+---------+
| akismet | inactive | available | 3.1.5 |
| contact-form-7 | active | available | 5.0 |
| contact-form-7-simple-recaptcha | active | none | 0.0.2 |
| contact-form-cfdb7 | active | available | 1.1.6 |
| envato-wordpress-toolkit | active | none | 1.7.2 |
| hello | inactive | none | 1.6 |
| LayerSlider | active | none | 5.6.9 |
| kiwi-logo-carousel | active | none | 1.7.4 |
| mailchimp | active | none | 1.5.7 |
| wp-native-php-sessions | active | none | 0.6.5 |
| popup-by-supsystic | active | available | 1.9.17 |
| popup-maker | inactive | none | 1.6.6 |
| qode-instagram-widget | active | none | 1.1 |
| qode-twitter-feed | active | none | 1.0 |
| revslider | active | none | 5.1 |
| ultimate-carousel-for-visual-composer | active | none | 2.4 |
| js_composer | active | available | 4.12 |
| wp-client-logo-carousel | inactive | none | 3.0.0 |
| wpforms-lite | active | none | 1.4.4.1 |
| wp-slick-slider-and-image-carousel | inactive | none | 1.3.4 |
| pantheon | must-use | none | 0.1 |
+---------------------------------------+----------+-----------+---------+
This issue should have been resolved in a recent update and hasn't been shown to be an issue since the last update in 2018. Closing this ticket but it can be re-opened if this issue is still persisting with the latest version of wp_launch_check.
In the Statuses for the Development Environment, the Plugins section is showing a vulnerability for an old version of a plugin that I do not have installed. I have a much newer version installed.
The wpvulndb shows 2 vulnerabilities: https://wpvulndb.com/plugins/LayerSlider
But they've been fixed long ago and are fixed in the version that I have installed. http://codecanyon.net/item/layerslider-responsive-wordpress-slider-plugin-/1362246/comments?page=234&filter=all#comment_6234231
Case #59346
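One way to cross-check scanner findings like the ones in this thread against what `wp plugin list` actually reports, as an added example that is not part of the original thread or of wp_launch_check. The finding records, their field names and the result labels are hypothetical; the versions come from the comments above.

```python
import re

# Constructed sample shaped like the `wp plugin list` output in this thread.
# The formidable row is built from the version quoted in the comment above.
PLUGIN_LIST = """\
+------------------------+----------+--------+---------+
| name                   | status   | update | version |
+------------------------+----------+--------+---------+
| LayerSlider            | active   | none   | 5.6.3   |
| formidable             | active   | none   | 2.02.05 |
+------------------------+----------+--------+---------+
"""

# Hypothetical finding records (not the wp_launch_check or wpvulndb schema).
# reported_version = what the scanner believes is installed (assumed correct
# for formidable); fixed_in=None means the thread gives no fixed-in version.
FINDINGS = [
    {"plugin": "LayerSlider", "reported_version": "4.6.1", "fixed_in": None},
    {"plugin": "formidable", "reported_version": "2.02.05", "fixed_in": "2.0"},
]

def parse_plugin_list(text):
    """Return {plugin name: version} from the ASCII table wp-cli prints."""
    rows = [[c.strip() for c in line.strip().strip("|").split("|")]
            for line in text.splitlines() if line.strip().startswith("|")]
    header, body = rows[0], rows[1:]
    name_i, ver_i = header.index("name"), header.index("version")
    return {r[name_i]: r[ver_i] for r in body}

def version_key(v):
    """Numeric tuple for dotted versions (a simplification, not PHP's version_compare)."""
    parts = [int(n) for n in re.findall(r"\d+", v)]
    while parts and parts[-1] == 0:  # treat "2.0" and "2" as equal
        parts.pop()
    return tuple(parts)

def triage(findings, installed):
    """Classify each scanner finding against the versions actually installed."""
    out = {}
    for f in findings:
        have = installed.get(f["plugin"])
        if have is None:
            out[f["plugin"]] = "not-installed"
        elif version_key(f["reported_version"]) != version_key(have):
            out[f["plugin"]] = "scanner-version-mismatch"
        elif f["fixed_in"] and version_key(have) >= version_key(f["fixed_in"]):
            out[f["plugin"]] = "false-positive-already-fixed"
        else:
            out[f["plugin"]] = "needs-review"
    return out
```

A mismatch result points at stale scanner data rather than at the plugin, which is the case to report upstream with the `wp plugin list` output attached.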