error message: website vulnerable due to plugin

Hi,

Thanks for using our plugin and reaching out to us.

The fix was deployed last friday, see:

12.4.1 (2023-03-24)

• Fixed a Cross Site Request Forgery vulnerability, not all nonce’s where properly checked

We are still waiting for Patchstack to valid this.

Hi, This error message suggests the vulnerability still exists even in the latest version 12.4.2:
https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuTUQ4anl3OUkwdDB3bDlkVDExTnhkUF9PVkZCNG5GWEgxbU15Z25XQ3g4OXRoTVZpWXFIQ3RNMExwaUdtQ01sbEd5Z1l4cllFcmpmQktzdEx0SEFNVkVSWEhWYmMwZmhQYmp5eGhOWE9LejV6Zko5d19HeGVoZHVRSXlGQjFGTjhQeFdEZWJtNjJLN1Z4V21oY2lSZWotaVFLLTRZcTRmQ0dsa0JQMHFqcnVNQ3lOTDZpVWRjSmdYc3V3T1FKWFdOdE0wazlYNHZOYm52TGhXWkNseTVGclE2MGtoZXpQbGlONEVjamZsY1QzZzl0cXlBSEt1RFROay1LOFFUNl9yXzd5Q3ZDVGF0aE5Ua0dWVGRQNUlDUS1TZXRPVG1xUlk2NU9mS0VjZEFIS19ZYUVyOEktVFZCYWtpcEpidmpYZHNJUS1YRzZFMGhUUUpwTDBqMnhXSC15UFljMGlVUzNpRXMtMVZCWjk3MDFzNU9mYV9Md2VtNDkwdElmOEhrbm83Qm1Qam5RZWNRUQ%253D%253D?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJuYmYiOjE2Nzk5NjUxNTQsImlhdCI6MTY3OTk2NTE1NCwiZXhwIjoxNjgwNTY5OTU0LCJncmFudCI6Iml0c2VjLXNpdGUtc2Nhbm5lci1tYW5hZ2Utc2NhbiIsInVzZXIiOjJ9.EQT02ggOWxHKlX993kWZNmrDYFCY0Pf-U7sPupmhRJY

That is because they did not check and verify yet the issue at hand as been resolved.

Assuming the issue at hand has been resolved or our support is no longer required we will close this topic for housekeeping reasons.