Hi, good morning. I use the wpDataTables – Tables & Table Charts which is a free version plugin that you develop. The problem is when I click the security warning, wpDataTables is the name there and it says it is fixed in version 3.4.2. But the latest version of wpDataTables – Tables & Table Charts is 2.1.12.
Hi Rodel
Thank you for reaching out to us.
Could you please explain the issue you are facing in a bit more detail, and provide us with some screenshots or a screen recording if possible, so we can get a better understanding and find the best solution?
Hi, sorry for the late response. Here's the screenshot for the vulnerabilities error. It's really weird that I get this error on wpDataTables < 3.4.2 when I am only using your free version, which is the wpDataTables - Tables & Table Charts v2.1.13.
Hi Rodel
The vulnerability was only found in the full version of the plugin, but since there's no full version on the WordPress.org repo, Lite versions are also detected, but this is a false alarm.
Files from the lib folder are not being executed, but that's coming from the library we're using for other functionalities of the plugin. Ones that are not from lib - the data attributes for dynamic sending or showing data - are not being used.
We will update the plugin to the fixed version of Bootstrap, and after it goes through proper testing it will be included in one of our next updates.
It's a false alarm, so to speak.
There is a security vulnerability regarding Bootstrap 3.3.7. It says that “Affected versions of this package are vulnerable to Cross-Site Scripting (XSS) attacks via the data-target attribute.”
The so-called vulnerability only occurs if the data-target value relies on data injected by something external (directly or indirectly) AND is shown on a page where other users than the attacker are affected.
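The condition described in the reply above (a data-target value built from external data) can be checked for directly. The following is an added example, not part of the original thread and not wpDataTables or Bootstrap code; the function names and the sample markup are assumptions made for illustration. It constrains an externally supplied id to a plain selector and audits rendered HTML for data-target values that are not plain selectors.

```javascript
// Added example: identifiers and the sample markup below are constructed.

// A data-target value is treated as safe only if it is a plain #id or .class selector.
const SAFE_SELECTOR = /^[#.][A-Za-z_][A-Za-z0-9_-]*$/;

// Turn an externally supplied element id into a data-target value.
// Returns null when the input cannot be a plain id, so the caller can
// omit the attribute instead of echoing the input into the page.
function toDataTarget(untrustedId) {
  const candidate = '#' + String(untrustedId);
  return SAFE_SELECTOR.test(candidate) ? candidate : null;
}

// Scan rendered HTML and report every data-target whose value is not a
// plain selector. Handles double-quoted, single-quoted and unquoted values.
function auditDataTargets(html) {
  const attr = /(?<![\w-])data-target\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  const findings = [];
  let m;
  while ((m = attr.exec(html)) !== null) {
    const value = m[1] ?? m[2] ?? m[3];
    if (!SAFE_SELECTOR.test(value.trim())) {
      findings.push({ offset: m.index, value });
    }
  }
  return findings;
}

// Constructed sample: two static selectors and one value carrying markup.
const SAMPLE_HTML = [
  '<button data-toggle="collapse" data-target="#filters">Filters</button>',
  "<a data-toggle='collapse' data-target='.row-details'>Details</a>",
  '<button data-toggle="collapse" data-target="<span>untrusted text</span>">x</button>',
].join('\n');

console.log(auditDataTargets(SAMPLE_HTML));
```
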
Hi Good Morning,
You already made an update on the plugin, but why is the Critical Vulnerability for this plugin still showing?
Hi Rodel
As I said in my previous reply:
We will update the plugin to the fixed version of Bootstrap, and after it goes through proper testing it will be included in one of our next updates.
Unfortunately this has not been added in our latest update as our developers need to finish testing for all cases, but once again there is no real threat there, it is a "false alarm".
Do let us know if there is anything else we can assist you with.
Heya, sorry for the late reply, Alrighty thanks. I hope soon on the next update it would be resolved.
You are most welcome
If there is anything else we can assist you with please don't hesitate to open a new ticket.
Have a wonderful day!
Hi Good Morning,
You already made an update on the plugin, but why is the Critical Vulnerability for this plugin still showing? It's been 7 months and the issue is still showing.
Hello Rodel.
Sorry for the late response. Our team is cut in half due to Covid-19 infections, so our response times are longer than usual. Thank you for your patience!
As Blaženka already mentioned in one of her previous responses:
The vulnerability was only found in the full version of the plugin, but since there's no full version on the WordPress.org repo, Lite versions are also detected, but this is a false alarm.
If you need some further explanation about this, please let us know.
Kind Regards,
Aleksandar Vuković