False Security Threats

  • Resolved sjonespl16

    (@sjonespl16)


    2 years, 3 months ago

    Under my Site Health status from Jetpack, it alerts me to a security threat that does not exist. How do I get it to go away?

    The security threat they identify is real and did exist at one point. However, I have followed the protocol outlined to rectify the situation and my site is no longer being effected by the issue so why won’t it go away?

Viewing 9 replies - 1 through 9 (of 9 total)
  • Bruce (a11n)

    (@bruceallen)

    Happiness Engineer

    2 years, 3 months ago

    Hi @sjonespl16

    Could you please post your site URL here so that we can have a look?

    If you want it to remain private, you can also contact us via this contact form:

    https://jetpack.com/contact-support/?rel=support&hpi=1

    If you choose to reach out directly, please include a link to this thread.

    Thanks!

    Thread Starter sjonespl16

    (@sjonespl16)

    2 years, 3 months ago

    URL is https://ngpl.ca/

    I have not reached out directly because I read that support is reserved for those who have paid accounts and we are only using the free version. I have gone into the css files to locate the identified threat and deal with it as suggested by others but it doesn’t exist in the code. Now something very weird has happened, I just logged in and its no longer showing though it’s been there for months.

    Thread Starter sjonespl16

    (@sjonespl16)

    2 years, 3 months ago

    Nevermind it’s back.

    Bruce (a11n)

    (@bruceallen)

    Happiness Engineer

    2 years, 2 months ago

    Hi @sjonespl16

    Thanks for following up to share your website. We’re happy to help resolve the issue and it would be helpful to have some additional information about the threat you’ve encountered. Can you share a screenshot along with any other relevant information so we can advise further?

    You can create screenshots using something like Snipboard: https://snipboard.io/ or Imgur: https://imgur.com and post the link in a reply here.

    Thread Starter sjonespl16

    (@sjonespl16)

    2 years, 2 months ago

    Thanks Bruce. Below is a screenshot. Lately I am finding that sometimes it is there and other times it is not.

    I have followed all the links, from the protect overview page and follow more links to eventually end up on the ThemeRex page (https://themerex.net/wp/themerex-addons-vulnerability-fixed/) where they indicate that they have fixed the issue and instructions on how to see if a site is fixed or how to remove the affected code ourselves. I have followed all instructions and the code does not exist in our files so not sure why Jetpack Protect keeps insisting there is a threat.

    Jared

    (@dun2mis)

    2 years, 2 months ago

    Hello @sjonespl16 !

    I am on the Protect / Scan team at Automattic. Thank you for the details you’ve shared regarding your situation. After evaluating, we have updated the vulnerability information to now reflect that it is fixed in versions 1.70.3.1 and greater.

    If your theme is using a version of the plugin that is greater than 1.70.3.1, then the threat notification should go away. The vulnerability was also patched on select older versions. Allowing for time to reflect the change, please let us know if the notification has been cleared. Otherwise, we can look into adding the specific fixed version or otherwise removing the notification for you.

    • This reply was modified 2 years, 2 months ago by Jared.
    Plugin Support Tamirat B. (a11n)

    (@tamirat22)

    2 years, 2 months ago

    Hello @sjonespl16

    It’s been one week since this topic was last updated. I’m going to mark this thread as solved. If you have any further questions or need more help, you’re welcome to open another thread here. Cheers!

    Thread Starter sjonespl16

    (@sjonespl16)

    2 years, 2 months ago

    Hi there,

    Sorry! I have been meaning to respond. I checked as soon as Jared had said that it was fixed but it was still there so I left it a few days. I logged in this morning and it wasn’t there but as soon as I updated some plugins it came back.

    Jared

    (@dun2mis)

    2 years, 2 months ago

    Thank you for following up @sjonespl16 !

    It sounds like the specific version of ThemeREX you’re using was a patched one but earlier than 1.70.3.1. I will look into adding the previously patched specific version for you and we’ll see if that resolves the situation. I will update here again once that’s ready.

Viewing 9 replies - 1 through 9 (of 9 total)

The topic ‘False Security Threats’ is closed to new replies.