Plugin Author
Vova
(@gn_themes)
The issue was fixed in 5.13.1. Please install the latest update.
The information at patchstack is invalid.
Thread Starter
Chuckie
(@ajtruckle)
Maybe flag it to them then ? We we have messages showing.
WPMU Dev Defender is also showing is a vulnerability issue, probably because all the malware scanners use the same vulnerability databases/API.
WordPress Shortcodes Ultimate plugin <= 5.13.1 – Reflected Cross Site Scripting (XSS) vulnerability
-Vulnerability type: Cross Site Scripting (XSS)
-No Update Available
Thread Starter
Chuckie
(@ajtruckle)
Yeah. I get the same. Already have latest version.
Plugin Author
Vova
(@gn_themes)
I’ve contacted Patchstack today. Their chatbot have promised that they will reply on Monday. I hope they will fix this asap.
Please don’t worry. Freemius rep. contacted me about two weeks before the report was published, so this wasn’t a surprise. It was a big collective update of all Freemius-based plugins.
I’m sure the Patchstack’s report will be fixed soon. Anyways, if they won’t update the report, I will publish a new version of the plugin just to eliminate those false-positives.
Even i am getting the following warning from iThemeSecurity, even though i have the latest version of the plugin –
Scheduled site scan report: Vulnerable Software
Known Vulnerabilities
Hello, I still have this problem. What to do?
Plugin Author
Vova
(@gn_themes)
Well, it seems Patchstack’s support decided not to respond.
I’m releasing a new version (5.13.2) to suppress security alerts. This should solve the issue.
Thank you for releasing the update and working on getting this cleared up. I have been updating my sites since yesterday. I use PLESK and their WordPress Tool kit is showing that the 5.13.2 shows a vulnerability. erg. Thought you should know. sorry.
