WordPress Toolkit found site vulnerabilities

kgs

Active Member
Dec 15, 2020
40
4
8
USA
cPanel Access Level
Root Administrator
Howdy,

WordPress Toolkit sent me a notification this morning. I have already contacted the plugin author. The plugin in question was updated 2 weeks ago, and I'm running the current version of both WP and the plugin. The notification listed the name of the plugin and the version number.

Site Vulnerabilities Found: WordPress Toolkit has detected known vulnerabilities on WordPress sites under your care. It is strongly recommended to update or disable vulnerable assets on these sites.
My question is: from where does CPanel/Wordpress Toolkit determine what is a known vulnerability? Is there a list somewhere? I'm seeing no indication anywhere else that there is an issue with this actively maintained plugin with 50,000+ active installations.

Thanks!
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,632
363
cPanel Access Level
Root Administrator
I confirmed with the team that "vulnerability info is fetched from our service in real-time" so if you're seeing odd behavior with that tool could you please submit a ticket to our team so we can check the affected server?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
10,360
1,632
363
cPanel Access Level
Root Administrator
Update - the information is pulled on an hourly basis from the Patchstack vulnerability database. Each vulnerability shown in WPT has a link to the details page on the Patchstack website.

If those aren't working how you expect, a ticket will still be the best way to get that examined.