Title: Can Anyone Fix the Security Issue? Last modified: October 22, 2025 --- # Can Anyone Fix the Security Issue? * [Jim Hill](https://wordpress.org/support/users/jimhill10/) * (@jimhill10) * [6 months ago](https://wordpress.org/support/topic/can-anyone-fix-the-security-issue/) * This is a valuable plugin and I suspect that it is used by many others and not just me. For my uses it provides critical functionality. There is an open security issue. I have not looked into the code yet but was hoping maybe the original developer would do that. * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/thesography/exifography-131-authenticated-administrator-stored-cross-site-scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/thesography/exifography-131-authenticated-administrator-stored-cross-site-scripting) * `The Exifography plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only impacts multi-site installations and installations where unfiltered_html has been disabled.` The topic ‘Can Anyone Fix the Security Issue?’ is closed to new replies. * ![](https://s.w.org/plugins/geopattern-icon/thesography_777159.svg) * [Exifography](https://wordpress.org/plugins/thesography/) * [Frequently Asked Questions](https://wordpress.org/plugins/thesography/#faq) * [Support Threads](https://wordpress.org/support/plugin/thesography/) * [Active Topics](https://wordpress.org/support/plugin/thesography/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/thesography/unresolved/) * [Reviews](https://wordpress.org/support/plugin/thesography/reviews/) * 0 replies * 1 participant * Last reply from: [Jim Hill](https://wordpress.org/support/users/jimhill10/) * Last activity: [6 months ago](https://wordpress.org/support/topic/can-anyone-fix-the-security-issue/) * Status: not resolved