Bug in White Label 2.0.0 – 2.0.2: Plugin Updates Hidden

We believe it’s important to be transparent about our mistakes. Unfortunately, we have discovered a bug that hides plugin updates while White Label is active.

The bug does not break anything and is not a security hole. It simply hides plugin updates while a previous version of White Label is enabled through the settings page. 

The bug affects White Label Free & White Label Pro version 2.0.0 through 2.0.2. We estimate that there were approximately 800 downloads between January 1st, 2020, and January 11th, 2020. If you have downloaded White Label within those 11 days, then your site may be affected.


How to View Plugin Updates Again

If you have White Label version 2.0.0 through 2.0.2 installed on your site you’ll need to go to the White Label settings page and temporarily disable White labeling from the general tab. Deactivating or uninstalling the plugin will also restore the updates.

Please ensure that you update to version 2.0.3 before re-enabling. This bug has been patched and it will not happen again.


Download the Fixed Version

You are safe to update the plugin after White Label has been turned off or deactivated. The fixed version (2.0.3) has already been released. You can also manually download the latest version that includes the patch.


How Did This Happen?

Unfortunately, this bug was an oversight on our behalf. We’re sorry for any confusion and frustration that this bug may have caused. The bug was within the new feature that allows White Label Administrators to hide plugin updates from regular administrators.

The feature makes use of the WordPress update transient. It hooks in and removes the selected plugins from the update details. The bug happens while any White Label Administrators are viewing the site. The mistake was made when exiting the site_transient_update_plugins filter early for White Label Administrators without returning update details again.

The bug happened because the function returned empty. It should have returned with the updated details.

function white_label_hide_plugin_updates($value) {
    if (white_label_is_wl_admin()){
        return;
    }
...

The fixed version correctly returns the WordPress plugin update details that are inside the $value parameter. Here is how the fixed version looks:

function white_label_hide_plugin_updates($value) {
    // Exit early if it's WL Admin.
    if (white_label_is_wl_admin()){
        return $value;
    }
...

Again, we are very sorry for any inconvenience that the bug has caused. If you are experiencing ongoing issues please don’t hesitate to contact us via our Support form.