CVE 2024-9204 wrong version info

  • Resolved lostwizard

    (@lostwizard)


    6 months ago

    Cleantalk’s information page lists version 11.4.8 of the “Smart Custom 404 error page” WordPress plugin as vulnerable to CVE-2024-9204. However, the actual CVE report shows 11.4.8 as the *patched* version and shows 11.4.7 as the last vulnerable version. As a result, a spurious “vulnerable plugin” warning appears.

    The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support sergecleantalk

    (@sergecleantalk)

    6 months ago

    Hello,

    I will ask our developers to check this. We will contact you within 1-2 business days.

    Thread Starter lostwizard

    (@lostwizard)

    6 months ago

    Judging from a couple other posts since I made mine, you may have a more general issue related to how you flag the patched versions in CVEs. In all of the cases, it’s off by one and marking the patched version as still vulnerable.

    Plugin Support katereji

    (@katereji)

    5 months, 4 weeks ago

    Hello @lostwizard

    Thank you for noticing. We are currently working on it and will let you know the results within 24-48 hours.

    Plugin Support dimitrycleantalk

    (@dimitrycleantalk)

    5 months, 4 weeks ago

    Hello @lostwizard,

    Thank you for waiting.

    We’ve fixed this issue. If you still see the banner, then click “Synchronize with Cloud” in the plugin settings, wait until the rotating icon disappears and refresh the page.

    Did it help you?

    Plugin Support eugenecleantalk

    (@eugenecleantalk)

    5 months, 3 weeks ago

    Hello.

    We haven’t heard back from you in a few days, so I’m going to mark this topic as “resolved”. If you have any further questions, you can start a new topic or contact us via our private Ticket System: https://cleantalk.org/my/support/open.

Viewing 5 replies - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.