Marked as vulnerable

  • Hey, this plugin has been marked as vulnerable since 17/01/2023 on WPScan and Patchstack. Will this be resolved?

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author toddhalfpenny

    (@toddhalfpenny)

    This was resolved in the 1.7 release. I don’t know why those sites have not been updated.

    Thread Starter Three AM Web + IT

    (@threeamdesign)

    Hi Todd,

    I have asked the Patchstack team and their response was:

    It’s still vulnerable. The?developer?used?dev used esc_js instead of esc_attr. Please patch it correctly and let us know. We will check the patch and validate it.

    We are still getting server notifications about this:

    WordPress Widgets on Pages plugin <= 1.7.0 – Contributor Stored XSS vulnerability

    Is this going to be patched soon?

    Plugin Author toddhalfpenny

    (@toddhalfpenny)

    Hullo, I’m still a bit confused as to why this is marked as such, but I have an update coming soon that might address this. From my side I cannot really see any issues with the current implementation, but I’m trying to harden it even further.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Marked as vulnerable’ is closed to new replies.