via pluginvulnerabilities.com => original post link
As we have documented multiple times before, Wordfence is providing highly inaccurate information on vulnerabilities in WordPress plugins. We keep running into more examples of that. Earlier this week someone contacted the developer of a plugin about Wordfence’s claim that there was a vulnerability in their plugin, where things very seemed off:
The Wordfence plugin reported that the plugin has a security vulnerability. When I look at this page https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/iubenda-cookie-law-solution/iubenda-357-reflected-cross-site-scripting its shows the problem is fixed with version 3.5.8. But the version on wordpress.org is only 3.4.1 [Read more]