WPScan shows vulnerability in 4.4.11

Viewing 1 replies (of 1 total)

  • Howdy @luminrach

    That WPScan report says the vulnerability is fixed in 4.4.11, it’s going to be fine.

    If anyone else sees this and wonders, the Report title is “Image Widget < 4.4.11 – Admin+ Stored XSS”
    As in, it as an issue but has been fixed in 4.4.11. If you check the Image Widget changelog, there is an entry: “Security – Prevent old Image URL from being misused for XSS attacks.” – that’s the fix.

    If you have more questions, do please reach out!

    Cheers,
    Stephen

Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.