CrowdSignal-Forms
-
I’m getting an error in Jetpack that says that one of my plug-ins needs an update. They’re also giving me an option to get a quote to have someone fix it.
Do I need to pay someone to fix this? Or will this plug-in issue a update so that I can just update the plug-in?
The blog I need help with is: (visible only to logged in users)
-
You definitely do not need to pay for a quote to fix a standard plugin update, as that offer is likely an automated third-party upsell rather than a requirement for your site. Since sccmarkansas.wpcomstaging.com is on a managed WordPress.com plan, you can usually handle this yourself for free by navigating to Plugins > Installed Plugins and clicking the “Update Now” link next to the flagged plugin. If the update isn’t appearing yet, the developer is likely still finalizing the new version, and it will show up in your dashboard automatically once it’s released. Furthermore, because you are on a Business or Commerce-tier staging site, you already have access to “Happiness Engineer” support; instead of paying for a separate service, you can simply open a live chat with WordPress.com support, and they will often perform the update or troubleshoot the conflict for you as part of your existing subscription.
-
I have the same issue on my two upgraded sites. This is not a simple update to a plugin which is usually handled directly by WordPress.com itself.
There is a notice in Jetpack Scan “found a vulnerable plugin. crowdsignal-forms (version 1.7.2) has a known vulnerability. Crowdsignal Forms <= 1.7.2 – Missing Authorization” noting that Jetpack Scan cannot resolve this automatically and recommending that it be resolved manually.
Since Crowdsignal is an Automattic product, from the same parent company as WordPress.com, I find this recommendation very odd and have flagged your thread for forum staff input.
In the meantime, on my sites I disabled the plugin from Plugins>Installed Plugins.
WordPress.com Forums 