Security Software Flagged SEO Slider v1.1.0 as having vulnerabilities

Seems the developer isn’t responding here or properly patching the plugin. Also Wordfence lists it as potentially abandoned which seems to be the case. I have this same problem but I think the best solution is to rebuild your site without this plugin.

FWIW the developer was notified by a security team and has updated with a patch shortly after.

Where do I find the patch? It’s not showing up in the wp admin dashboard and the website is still being flagged with vulnerabilities due to the SEO Slider plugin. According to everything I see, the vulnerability still exists on the version still offered in WordPress plugin library: https://patchstack.com/database/vulnerability/seo-slider/wordpress-seo-slider-plugin-1-1-0-authenticated-contributor-stored-cross-site-scripting-via-shortcode-vulnerability?_a_id=350

• This reply was modified 11 months, 3 weeks ago by back2basicsmn.

According to the SEO Slider plugin changelog, a patch was developed for this issue two over months ago: version 1.1.1, dated 11/2/2023. (See changelog here: https://www.ads-software.com/plugins/seo-slider/#developers.) Unfortunately, it’s not available in the WordPress plugin repository. Only the vulnerable version is (v1.1.0).

Even the Wordfence database shows that a patched version was created. (here: https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/seo-slider/seo-slider-110-authenticated-contributor-stored-cross-site-scripting-via-shortcode.)

Hopefully, the lack of availability is an oversight and the plugin developer (seothemes) will see this thread and make the patch available. I would really hate to have to change out this slider. They did a great job with it. Thanks.

Please, @jivedig ,

Can you tell him @seothemes that the patch is not working?
Version is not set properly and slider settings doesn’t work after the patch.

Thanks