Plugin fails PCI DSS compliance
Hi,
I have run a scan of my store for PCI DSS compliance, and the following potential exploit has been flagged up:
http local file inclusion
local file inclusion in ver parameter to /wp-content/plugins/yith-woocommerce-zoom-magnifier/assets/js/jquery.carouFredSel.min.js
PCI details:
A local file inclusion vulnerability was detected in a web program. This vulnerability arises due to the web program using user input to identify a local file and include it in the response page, without sufficiently verifying that the user input is valid.
This is obviously quite serious as it will mean all stores running YITH magnifier fail PCI DSS compliance.
I don’t use the carousel feature so can just remove this code, but it would be nice to have a proper solution.
https://www.ads-software.com/plugins/yith-woocommerce-zoom-magnifier/