Version 4.9.1 vulnerable to Cross Site Scripting (XSS) ?

Viewing 7 replies - 1 through 7 (of 7 total)

  • Curious if this matter is being worked on. It would be helpful to know an ETA to make a decision on whether to remove the plugin in or not?

    Plugin Author Rico Macchi

    (@rico-macchi)

    Yes, I am working on a solution and should be updating the plugin shortly. Apology for the delay.

    Thank you

    Plugin Author Rico Macchi

    (@rico-macchi)

    Fixed Security issue for Cross Site Scripting

    Updated to Version 4.9.3

    Thread Starter nv_yvr

    (@nv_yvr)

    It’s been a few days, but weirdly enough, the links in my first post still show the vulnerability as not fixed.

    So I’m wondering if Rico would need to contact one or both of them, for his nice plugin to be taken off their vulnerability listings?

    Just for convenience, here are the links again:

    Wordfence bulletin

    WordPress vulnerability database

    Plugin Author Rico Macchi

    (@rico-macchi)

    I contacted Patchstack today and was told they didn’t recheck the plugin but will shortly.

    Thank you

    Plugin Author Rico Macchi

    (@rico-macchi)

    Added a new security patch on version 4.9.4 that has been approved by Patchstack.

    Thread Starter nv_yvr

    (@nv_yvr)

    Looks like 4.9.4 did the trick!

    WordPress vulnerability database now shows it as fixed!

    • This reply was modified 1 year, 6 months ago by nv_yvr.
Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘Version 4.9.1 vulnerable to Cross Site Scripting (XSS) ?’ is closed to new replies.