• Resolved blue_life

    (@blue_life)


    Hi Wordfence Team,

    I’m getting a recurring alert in Wordfence that says:

    Authentic ≤ 2.0.4 – Arbitrary File Download
    The Authentic theme for WordPress is vulnerable to arbitrary file download in versions up to and including 2.0.4.
    https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-themes/authentic/authentic-204-arbitrary-file-download
This error dates to 2014.

    However, my theme is Authentic by Code Supply Co., currently on version 7.2.3.
    This is a completely different product from the older “Authentic” theme referenced in the vulnerability report.

    Details:

    Theme: Authentic by Code Supply Co.
Version: 7.2.5 (last update Sep. 2025)
    Theme URI: https://codesupply.co/themes/authentic/

and there is a download.php file inside the theme.
    It looks like Wordfence is matching my current theme to a different, outdated one (?) that happens to share the same name.
    Could you please confirm if this is a false positive and, if possible, adjust the signature or database record to avoid this confusion?

    Thank you very much for your help,
    • This topic was modified 4 months, 3 weeks ago by blue_life.
Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @blue_life, thanks for reaching out!

    The theme slug may well match the older vulnerable theme, but it does seem strange that 7.2.5 would flag for an issue seen on version 2.0.4 or lower. I will see if the Threat Intelligence team can take a look into it and will provide you with feedback once I know some more.

    Peter.

    Thread Starter blue_life

    (@blue_life)

    Thank you!

    Plugin Support wfpeter

    (@wfpeter)

    Hi @blue_life,

    The issue is definitely occurring due to your theme slug matching the vulnerable theme’s slug. As the other one is unpatched, we’re unable to mark it as abandoned or safely ignore higher version numbers. We can only reliably identify themes and plugins by their slug names since some will change their displayed name over time. The wordpress.org repository effectively forces unique slugs due to there being related plugin pages, forums, etc. but it’s harder to ensure this from external sources.

    You can choose to ignore the scan result in Wordfence, although the issue will be flagged again whenever the theme is updated. This is by design to ensure customers don’t forget about updating vulnerable plugins/themes over time. The theme developer may be willing to change the slug to something unique in a future update if they’re made aware that it matches that of a known vulnerable theme.

    Many thanks,
    Peter.
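The matching behaviour Peter describes (identify by slug, not display name; a record with no fix version applies to every version of that slug) is easy to reproduce. The script below is an added example, not Wordfence's code, and the vulnerability records and style.css header it uses are constructed from the alert text in this thread; the "example-theme" record with a `patched_in` version is hypothetical and only there to show the contrast with an unpatched record.

```python
"""
Added example (not Wordfence's code): slug-based vulnerability matching
and a small triage helper for a site owner who sees an alert like the one
above. All data below is constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed style.css header for a theme living in wp-content/themes/authentic/.
SAMPLE_STYLE_CSS = """\
/*
Theme Name: Authentic
Theme URI: https://codesupply.co/themes/authentic/
Author: Code Supply Co.
Version: 7.2.5
*/
"""


@dataclass
class VulnRecord:
    slug: str                      # directory name, the only stable key scanners have
    title: str
    affected_through: str          # highest version known to be vulnerable
    patched_in: Optional[str]      # None: the vendor never shipped a fix


# Constructed records. The first mirrors the alert quoted in the thread;
# the second is hypothetical and exists only to show a patched record.
VULN_DB = [
    VulnRecord("authentic", "Authentic <= 2.0.4 - Arbitrary File Download", "2.0.4", None),
    VulnRecord("example-theme", "Example Theme <= 1.0 - Hypothetical Issue", "1.0", "1.1"),
]


def parse_version(v: str) -> tuple:
    """Turn '7.2.5' into (7, 2, 5) so comparisons are numeric, not lexical."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def parse_theme_header(style_css: str) -> dict:
    """Read the header fields WordPress itself uses to describe a theme."""
    header = {}
    for key in ("Theme Name", "Theme URI", "Author", "Version"):
        m = re.search(rf"^\s*{re.escape(key)}:\s*(.+?)\s*$", style_css, re.M)
        if m:
            header[key] = m.group(1)
    return header


def match_vulns(slug: str, version: str, db=VULN_DB) -> list:
    """Slug-based matching as described in the thread.

    A record without a patched_in version cannot be cleared by any version
    number, because nothing tells the scanner the issue was ever fixed.
    A record with a patched_in version clears once the installed version
    reaches it.
    """
    hits = []
    for rec in db:
        if rec.slug != slug:
            continue
        if rec.patched_in is None or parse_version(version) < parse_version(rec.patched_in):
            hits.append(rec)
    return hits


def triage(slug: str, style_css: str, db=VULN_DB) -> dict:
    """Summarise what a site owner can check: is the installed version already
    above the affected range (so updating will not clear the alert), and which
    header fields distinguish this theme from the record's namesake."""
    header = parse_theme_header(style_css)
    version = header.get("Version", "0")
    hits = match_vulns(slug, version, db)
    return {
        "slug": slug,
        "theme_name": header.get("Theme Name"),
        "theme_uri": header.get("Theme URI"),
        "version": version,
        "alerts": [h.title for h in hits],
        "above_affected_range": all(
            parse_version(version) > parse_version(h.affected_through) for h in hits
        ),
        "clearable_by_update": any(h.patched_in is not None for h in hits),
    }


if __name__ == "__main__":
    result = triage("authentic", SAMPLE_STYLE_CSS)
    for k, v in result.items():
        print(f"{k}: {v}")
```

For the constructed data this reports one alert for slug `authentic` with `above_affected_range` true and `clearable_by_update` false: exactly the situation in the thread, where updating the theme cannot silence the finding and only a slug change by the developer or a database correction would. The `example-theme` record shows the other case: version 1.1 or later produces no hit at all.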

    Thread Starter blue_life

    (@blue_life)

Thank you so much for your prompt feedback. I’ll ignore the scan result in Wordfence; it’s up to the devs to check on that.
    Cheers,

    Plugin Support wfpeter

    (@wfpeter)

    No worries @blue_life, we’re always happy to help where we can. The Threat Intelligence team are now aware of this, so we will take action if there is anything we can do in the future.

    Thanks again,
    Peter.
