pantheon-systems / wp_launch_check

WP-CLI Plugin to run checks against installation for Performance and Security
http://pantheon.io
MIT License

WP Plugin Vulnerability version mis-match #50

Closed ttrowell closed 1 year ago

ttrowell commented 8 years ago

In the Statuses for the Development Environment, the Plugins section is showing a vulnerability for an old version of a plugin that I do not have installed. I have a much newer version installed.

[screenshot: https://dl.dropboxusercontent.com/1/view/oeukmymzmmx4e0r/Apps/Shutter/Selection_091.png]

The wpvulndb shows 2 vulnerabilities: https://wpvulndb.com/plugins/LayerSlider

But they've been fixed long ago and are fixed in the version that I have installed. http://codecanyon.net/item/layerslider-responsive-wordpress-slider-plugin-/1362246/comments?page=234&filter=all#comment_6234231

Case #59346

danielbachhuber commented 8 years ago

> In the Statuses for the Development Environment, the Plugins section is showing a vulnerability for an old version of a plugin that I do not have installed. I have a much newer version installed.

Can you provide the output of wp plugin list for the environment?

RichAyotte commented 8 years ago

$ wp plugin list

+------------------------+----------+--------+---------+
| name                   | status   | update | version |
+------------------------+----------+--------+---------+
| advanced-custom-fields | active   | none   | 4.4.6   |
| gravityforms           | active   | none   | 1.9.18  |
| LayerSlider            | active   | none   | 5.6.3   |
| media-search-enhanced  | active   | none   | 0.8.0   |
| office-move-pro        | active   | none   | 0.02    |
| safe-svg               | active   | none   | 1.2.0   |
| wordpress-seo          | active   | none   | 3.1.2   |
| pantheon               | must-use | none   | 0.1     |
+------------------------+----------+--------+---------+

danielbachhuber commented 8 years ago

Thanks @RichAyotte. WP Launch Check is reporting the vulnerability because it understands LayerSlider to be at version 5.6.3.

To this statement:

> I have a much newer version installed.

Can you verify that the newer version is actually installed?

RichAyotte commented 8 years ago

5.6.3 is installed and not vulnerable according to the author.

RichAyotte commented 8 years ago

WP Launch Check is reporting the vulnerability because it understands LayerSlider to be at version 4.6.1 not the actually installed version 5.6.3.

rubelyn commented 8 years ago

The plugin version is 2.02.05 but the status is showing 2 vulnerabilities: https://wpvulndb.com/plugins/formidable.

The latest known vulnerability was fixed in version 2.0.

Here's the output for wp plugin list:

[screenshot]

Case #69083
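As an added example that is not part of this thread or of wp_launch_check's own code, the following Python script shows the two checks a reviewer of reports like the ones above would want: comparing an installed version against an advisory's fixed_in value numerically rather than as a string (so that 2.02.05 counts as newer than 2.0 and 1.10.0 as newer than 1.9.0), and flagging any plugin whose version in the scanner's own record disagrees with what `wp plugin list` reports, since such a finding is a stale-data problem rather than a vulnerability. The plugin-list JSON, the advisory entries, their fixed_in values and the scanner record are all constructed for the example; "example-plugin" and every advisory title are hypothetical placeholders, not real advisories.

```python
# Reconcile `wp plugin list --format=json` output with a wpvulndb-style
# advisory feed, comparing versions numerically, and flag scanner records
# whose version disagrees with what WP-CLI reports.
import json
import re
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample in the shape of `wp plugin list --format=json`.  The
# LayerSlider and Formidable versions are the ones quoted in this thread;
# "example-plugin" is hypothetical and exists to show the 1.10 vs 1.9 case.
WP_PLUGIN_LIST_JSON = json.dumps([
    {"name": "LayerSlider", "status": "active", "update": "none", "version": "5.6.3"},
    {"name": "formidable", "status": "active", "update": "none", "version": "2.02.05"},
    {"name": "example-plugin", "status": "active", "update": "none", "version": "1.10.0"},
])

# Constructed advisory feed loosely modelled on wpvulndb's per-plugin JSON
# (each entry carries a `fixed_in` version, or None when no fix exists).
# Every title and fixed_in value is a hypothetical placeholder.
ADVISORIES: Dict[str, List[dict]] = {
    "LayerSlider": [
        {"title": "placeholder advisory A", "fixed_in": "5.0.0"},
        {"title": "placeholder advisory B", "fixed_in": "5.0.0"},
    ],
    "formidable": [
        {"title": "placeholder advisory C", "fixed_in": "2.0"},
    ],
    "example-plugin": [
        {"title": "placeholder advisory D", "fixed_in": "1.9.0"},
        {"title": "placeholder advisory E (no fix released)", "fixed_in": None},
    ],
}

# Constructed: what a scanner might hold in a cached or stale record,
# mirroring the 4.6.1-vs-5.6.3 discrepancy reported in this thread.
SCANNER_VIEW = {"LayerSlider": "4.6.1", "formidable": "2.02.05"}


def version_key(version: str) -> Tuple[int, ...]:
    """Numeric segment-wise key: 1.10.0 > 1.9.0 and 2.02.05 > 2.0.

    Trailing zeros are dropped so 2, 2.0 and 2.0.0 compare equal.  Non-numeric
    suffixes (beta, rc) are ignored, which suits release-style plugin versions.
    """
    nums = [int(s) for s in re.findall(r"\d+", version)]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)


def is_vulnerable(installed: str, fixed_in: Optional[str]) -> bool:
    """True when the installed version predates the fix (or no fix exists)."""
    if fixed_in is None:
        return True
    return version_key(installed) < version_key(fixed_in)


def naive_is_vulnerable(installed: str, fixed_in: Optional[str]) -> bool:
    """Plain string comparison, kept only to show the false positive it causes."""
    if fixed_in is None:
        return True
    return installed < fixed_in


def audit(plugin_list_json: str, advisories: Dict[str, List[dict]],
          compare: Callable[[str, Optional[str]], bool] = is_vulnerable) -> List[dict]:
    """Return one finding per advisory that still applies to an installed plugin."""
    findings = []
    for plugin in json.loads(plugin_list_json):
        for adv in advisories.get(plugin["name"], []):
            if compare(plugin["version"], adv["fixed_in"]):
                findings.append({"plugin": plugin["name"], "installed": plugin["version"],
                                 "fixed_in": adv["fixed_in"], "title": adv["title"]})
    return findings


def stale_versions(scanner_view: Dict[str, str],
                   plugin_list_json: str) -> Dict[str, Tuple[str, str]]:
    """Plugins whose version in the scanner's record differs from WP-CLI's.

    A finding against such a plugin is a data-freshness problem to fix first,
    not evidence that the installed code is vulnerable.
    """
    actual = {p["name"]: p["version"] for p in json.loads(plugin_list_json)}
    return {name: (seen, actual[name]) for name, seen in scanner_view.items()
            if name in actual and version_key(seen) != version_key(actual[name])}


if __name__ == "__main__":
    for f in audit(WP_PLUGIN_LIST_JSON, ADVISORIES):
        print(f"VULNERABLE {f['plugin']} {f['installed']} (fixed in {f['fixed_in']}): {f['title']}")
    for name, (seen, actual) in stale_versions(SCANNER_VIEW, WP_PLUGIN_LIST_JSON).items():
        print(f"MISMATCH {name}: scanner has {seen}, wp plugin list reports {actual}")
```

Run with the naive comparator (`audit(..., compare=naive_is_vulnerable)`) the script flags the hypothetical 1.10.0 install against a 1.9.0 fix, which is exactly the kind of false positive a string comparison produces; with `is_vulnerable` only the entry with no released fix remains, and `stale_versions` isolates the LayerSlider record as a version-data mismatch rather than a vulnerability.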

stevector commented 7 years ago

I haven't been able to reproduce this exact problem, but in investigating, I've found something potentially related.

Here's a Pantheon site where wp plugin list on the Dev environment correctly reports that some plugins have updates available.


terminus wp redacted.dev -- plugin list
+-------------------------+----------+-----------+---------+
| name                    | status   | update    | version |
+-------------------------+----------+-----------+---------+
| akismet                 | inactive | available | 3.1.5   |
| debug-bar               | active   | none      | 0.8.4   |
| dependency-minification | active   | none      | 0.9.8   |
| wp-gfm                  | active   | none      | 0.8     |
| hello                   | inactive | none      | 1.6     |
| redirection             | active   | available | 2.4.4   |
| timber                  | active   | none      | 0.22.1  |
| debug-bar-timber        | active   | none      | 0.3     |
| wp-github-sync          | active   | available | 1.6.1   |
| pantheon                | must-use | none      | 0.1     |
+-------------------------+----------+-----------+---------+

The Test and Live environments have the same versions of the plugins but do not report updates as being available.

terminus wp redacted.test -- plugin list
+-------------------------+----------+--------+---------+
| name                    | status   | update | version |
+-------------------------+----------+--------+---------+
| akismet                 | inactive | none   | 3.1.5   |
| debug-bar               | active   | none   | 0.8.4   |
| dependency-minification | active   | none   | 0.9.8   |
| wp-gfm                  | active   | none   | 0.8     |
| hello                   | inactive | none   | 1.6     |
| redirection             | active   | none   | 2.4.4   |
| timber                  | active   | none   | 0.22.1  |
| debug-bar-timber        | active   | none   | 0.3     |
| wp-github-sync          | active   | none   | 1.6.1   |
| pantheon                | must-use | none   | 0.1     |
+-------------------------+----------+--------+---------+

The output of Launch Check is similar. Dev knows about the updates being available:

[screenshot: dev-correctly-reports-updates-as-available]

But Live does not:

[screenshot: live-does-not-know-about-available-versions]

kscheirer commented 6 years ago

I'm seeing this behavior as well, seemingly across lots of plugins. Launch check (status tab) shows similar output.

terminus wp [site].live plugin list
+---------------------------------------+----------+--------+---------+
| name                                  | status   | update | version |
+---------------------------------------+----------+--------+---------+
| akismet                               | inactive | none   | 3.1.5   |
| contact-form-7                        | active   | none   | 5.0     |
| contact-form-7-simple-recaptcha       | active   | none   | 0.0.2   |
| contact-form-cfdb7                    | active   | none   | 1.1.6   |
| envato-wordpress-toolkit              | active   | none   | 1.7.2   |
| hello                                 | inactive | none   | 1.6     |
| LayerSlider                           | inactive | none   | 5.6.9   |
| kiwi-logo-carousel                    | active   | none   | 1.7.4   |
| mailchimp                             | active   | none   | 1.5.7   |
| wp-native-php-sessions                | active   | none   | 0.6.5   |
| popup-by-supsystic                    | active   | none   | 1.9.17  |
| popup-maker                           | inactive | none   | 1.6.6   |
| qode-instagram-widget                 | active   | none   | 1.1     |
| qode-twitter-feed                     | active   | none   | 1.0     |
| revslider                             | active   | none   | 5.1     |
| ultimate-carousel-for-visual-composer | active   | none   | 2.4     |
| js_composer                           | active   | none   | 4.12    |
| wp-client-logo-carousel               | inactive | none   | 3.0.0   |
| wpforms-lite                          | active   | none   | 1.4.4.1 |
| wp-slick-slider-and-image-carousel    | inactive | none   | 1.3.4   |
| pantheon                              | must-use | none   | 0.1     |
+---------------------------------------+----------+--------+---------+

terminus wp [site].dev plugin list
+---------------------------------------+----------+-----------+---------+
| name                                  | status   | update    | version |
+---------------------------------------+----------+-----------+---------+
| akismet                               | inactive | available | 3.1.5   |
| contact-form-7                        | active   | available | 5.0     |
| contact-form-7-simple-recaptcha       | active   | none      | 0.0.2   |
| contact-form-cfdb7                    | active   | available | 1.1.6   |
| envato-wordpress-toolkit              | active   | none      | 1.7.2   |
| hello                                 | inactive | none      | 1.6     |
| LayerSlider                           | active   | none      | 5.6.9   |
| kiwi-logo-carousel                    | active   | none      | 1.7.4   |
| mailchimp                             | active   | none      | 1.5.7   |
| wp-native-php-sessions                | active   | none      | 0.6.5   |
| popup-by-supsystic                    | active   | available | 1.9.17  |
| popup-maker                           | inactive | none      | 1.6.6   |
| qode-instagram-widget                 | active   | none      | 1.1     |
| qode-twitter-feed                     | active   | none      | 1.0     |
| revslider                             | active   | none      | 5.1     |
| ultimate-carousel-for-visual-composer | active   | none      | 2.4     |
| js_composer                           | active   | available | 4.12    |
| wp-client-logo-carousel               | inactive | none      | 3.0.0   |
| wpforms-lite                          | active   | none      | 1.4.4.1 |
| wp-slick-slider-and-image-carousel    | inactive | none      | 1.3.4   |
| pantheon                              | must-use | none      | 0.1     |
+---------------------------------------+----------+-----------+---------+

jazzsequence commented 1 year ago

This issue should have been resolved in a recent update and hasn't been shown to be an issue since the last update in 2018. Closing this ticket but it can be re-opened if this issue is still persisting with the latest version of wp_launch_check.