Yoast SEO vulnerability warning even it’s the fixed version | WordPress.org

Resolved Mayeenul Islam
(@wzislam)

7 years, 3 months ago

Screenshot: https://prnt.sc/hb4cbw

Yoast SEO active version is current, and it’s 5.8 – the vulnerability fixed version according to WP Scan. But it’s still displaying the vulnerability warning and is sending email.

I think, I repeat think, the WP Scan version identification has some kind of bug: it cannot detect that: 5.8.0 = 5.8.

Viewing 1 replies (of 1 total)

Plugin Author Storm Rockwell
(@stormrockwell)

7 years, 3 months ago
You are exactly right. They entered the vulnerability fixed in with an extra ‘.0’ which throws off the PHP version_compare function. I just added a function to convert all formats to 0.0.0 format just in case this happens again.

Thanks for the post.
- This reply was modified 7 years, 3 months ago by Storm Rockwell.

Viewing 1 replies (of 1 total)

The topic ‘Yoast SEO vulnerability warning even it’s the fixed version’ is closed to new replies.

In: Plugins
1 reply
2 participants
Last reply from: Storm Rockwell
Last activity: 7 years, 3 months ago
Status: resolved