Title: Cross Site Scripting Vulnerability Patch?
Last modified: August 19, 2021

---

# Cross Site Scripting Vulnerability Patch?

 *  Resolved [w3bdevguru](https://wordpress.org/support/users/w3bdevguru/)
 * (@w3bdevguru)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/cross-site-scripting-vulnerability-patch/)
 * Just wondering if you had any plans on fixing/patching the Cross Site Scripting
   Vulnerability (Authenticated Stored XSS)? I know you stated you are not adding
   to the plugin, but what about patching security issues?

Viewing 4 replies - 1 through 4 (of 4 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [4 years, 9 months ago](https://wordpress.org/support/topic/cross-site-scripting-vulnerability-patch/#post-14785115)
 * The plugin is closed; I strongly suggest you find another.
 *  Plugin Author [Erikvona](https://wordpress.org/support/users/erikvona/)
 * (@erikvona)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/cross-site-scripting-vulnerability-patch/#post-14785158)
 * The recently identified vulnerability has been patched in version 1.4.4. If you
   have information on a still present vulnerability, please let me know ([https://evona.nl/contact/](https://evona.nl/contact/)
   should work, reply here too so I can check it didn’t end up in spam).
 * The plugin will remain closed, though, per a strong recommendation by the WordPress
   plugin team to do so, since I’m no longer actively developing the plugin and 
   only addressing serious concerns. Any current users should have received and 
   should install the update.
 * If you really, really want to use the plugin, you can always use SVN to get it.
 *  Thread Starter [w3bdevguru](https://wordpress.org/support/users/w3bdevguru/)
 * (@w3bdevguru)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/cross-site-scripting-vulnerability-patch/#post-14796591)
 * Thank you for your response. I just sent you an email via your form on your contact
   page.
 *  Plugin Author [Erikvona](https://wordpress.org/support/users/erikvona/)
 * (@erikvona)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/cross-site-scripting-vulnerability-patch/#post-14796613)
 * I’ve reviewed your mail and it’s just a scan report.
 * This plugin tends to trigger false positives, either because it’s closed (which
   indicates there is a vulnerability, so a lazy scanner that assumes all closed
   plugins contain vulnerabilities will think it’s vulnerable) or because, depending
   on your definition, it still makes XSS possible since as an authenticated user
   you can insert scripts (both on and cross site) into the head section, which 
   precisely is the purpose of this plugin (you can argue that isn’t a false positive,
   but then you shouldn’t be using this plugin).
 * I wouldn’t worry about it. As soon as I receive information on a credible XSS
   attack I’ll update.

The topic ‘Cross Site Scripting Vulnerability Patch?’ is closed to new replies.

 * [Per page add to head](https://wordpress.org/plugins/per-page-add-to/)