patchstack security issue since 13.7.3

  • patchstack reports a security issue with your plugin: “WordPress Gutenberg plugin <= 13.7.3 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability”
    I have version 14.2.0 now
    When will you fix it?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator Kathryn Presner

    (@zoonini)

    Hi there, Patchstack’s own article says that “it is not a critically severe issue, it is at best a low severity issue (and possibly not even that).” It was already reported through HackerOne and is being evaluated by the Gutenberg developers; I’m not able to give you a timeline on when, or whether, the issue will be addressed in a future version of Gutenberg.

    You are welcome to deactivate the Gutenberg plugin if it makes you more comfortable, as it’s only meant to get experimental features prior to their release in core.

    sideoutsteve

    (@sideoutsteve)

    I have version 14.4 now and my server still tells me to deactivate Gutenberg because of the Authenticated Stored Cross-Site Scripting (XSS) vulnerability.

    How you guys handle this?

    Moderator Kathryn Presner

    (@zoonini)

    Hi @sideoutsteve – I think my reply above still applies, but just let me know if anything there isn’t clear.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘patchstack security issue since 13.7.3’ is closed to new replies.