Notification on a vulnerable WordPress version detected
The Imunify Security team is always working hard to ensure you’re receiving the highest level of protection possible. Now we’re setting up a number of notifications to inform you about potentially threatening configurations on your server. Whenever you receive a message from us that starts like this …
“Dear Administrator,
We are reaching out to you to keep you informed on security threats. The list below shows vulnerable software that has been detected in your environment:
- Actively Exploited Plugin Vulnerability - /home/johndoe/public_html
- Severity: CRITICAL
- WordPress 6.0
- Affected Plugin: Download Manager
- Affected Versions: <= 3.2.42
- …”
…Please know that it is exactly what it says on the tin — the software that you run on the server has been found to be vulnerable. A malicious actor may use such vulnerability to disrupt the work of the website, steal the data, etc. We urge you to proceed with one of the options listed in the message, in this case there are two options available:
- Contact the WordPress administrator(s) responsible for these websites to convey the urgency of installing the recommended updates
- Upgrade to Imunify360 to mitigate the server-wide risk that all unpatched and undiscovered vulnerabilities carry.
Should you have any questions or need help, please don’t hesitate to reach out to our support team
Stay tuned to our notifications and upcoming changes.