According to the attached mail, wp engine says that this plugin has a vulnerability issue also we have installed the latest version for WPML String Translation is Version 3.2.6 on our site and email still send to us
What I mean by that is that there are online databases (Patchstack database for example) where these vulnerabilities are stored. That's the place where security plugins take their updates on known vulnerabilities and malware.
As long as that online database is not updated, you might still see the notification popping up in your site.
But as long as you have updated the plugin to the version that I mentioned, I am letting you know that there is no vulnerability.
