Variable Inspector false positive valnerability | WordPress.org

Pexle Chris
(@pexlechris)

6 days, 23 hours ago

Hello,

As you can see at this post the Author of Variable Inspector plugin has release an update fixing the CVE-2025-32229. But why I still got messages for this from Wordfence??

Viewing 1 replies (of 1 total)

Plugin Support wfpeter
(@wfpeter)

6 days, 1 hour ago

Hi @pexlechris,

Our reporting of this seems to be down to the vulnerability being verified and the CVE being issued by Patchstack. Wordfence will report these, even though we weren’t the entity that decided it was a valid vulnerability.

When a fix is confirmed by Patchstack, Wordfence will update shortly afterwards. We can sometimes check for a fix ourselves, but would need the plugin’s developer to reach out to us privately with the full report.

Thanks,
Peter.

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.

2 replies
2 participants
Last reply from: wfpeter
Last activity: 6 days, 1 hour ago
Status: not resolved