Plugin removed – unpatched security vulnerability

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author StudioPress

    (@studiopress)

    WP Engine Security is aware of a Stored XSS vulnerability in the genesis-blocks plugin which can be leveraged by an attacker with Contributor or greater permissions. A patch to address the vulnerability is being expedited and we expect this to be released shortly.

    How long does it usually take for WordPress to do the full review? This issue is marked as resolved, but the main plugin page still says “This plugin has been closed as of July 11, 2024 and is not available for download. This closure is temporary, pending a full review.”

    Plugin Author StudioPress

    (@studiopress)

    Please check to see if you are able to update the plugin from your dashboard.

    If you are not able to, we’d be happy to send a copy of the latest version of the plugin that we have committed (with the patch for the vulnerability mentioned above) to you so that you can manually update.

    Thank you, yes I was able to update it.

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.