Title: Patchstack: <=17.7 Cross Site Scripting vulnerability Last modified: June 1, 2026 --- # Patchstack: <=17.7 Cross Site Scripting vulnerability * Resolved [megamurmulis](https://wordpress.org/support/users/megamurmulis/) * (@megamurmulis) * [1 week, 3 days ago](https://wordpress.org/support/topic/patchstack-17-7-cross-site-scripting-vulnerability/) * WordPress WP Google Review Slider plugin <= 17.7 – Cross Site Scripting (XSS) vulnerability [https://patchstack.com/database/wordpress/plugin/wp-google-places-review-slider/vulnerability/wordpress-wp-google-review-slider-plugin-17-7-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/wordpress/plugin/wp-google-places-review-slider/vulnerability/wordpress-wp-google-review-slider-plugin-17-7-cross-site-scripting-xss-vulnerability)` Required privilege: Unauthenticated` * Given that it was not disclosed until recently – v17.8 is likely vulnerable as well – since generic update: `17.8 Updated styling for WPv7.` Viewing 1 replies (of 1 total) * Plugin Author [jgwhite33](https://wordpress.org/support/users/jgwhite33/) * (@jgwhite33) * [1 week, 3 days ago](https://wordpress.org/support/topic/patchstack-17-7-cross-site-scripting-vulnerability/#post-18925445) * This would only have been an issue if an original review on Google had script tags and somehow made it past all of Google’s security and was downloaded to the plugin. So not really possible. I just pushed out V17.9 with extra output sanitation for downloaded reviews just in case. Viewing 1 replies (of 1 total) You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fpatchstack-17-7-cross-site-scripting-vulnerability%2F%3Foutput_format%3Dmd&locale=en_US) to reply to this topic. * ![](https://ps.w.org/wp-google-places-review-slider/assets/icon-128x128.gif?rev =3174489) * [WP Google Review Slider](https://wordpress.org/plugins/wp-google-places-review-slider/) * [Frequently Asked Questions](https://wordpress.org/plugins/wp-google-places-review-slider/#faq) * [Support Threads](https://wordpress.org/support/plugin/wp-google-places-review-slider/) * [Active Topics](https://wordpress.org/support/plugin/wp-google-places-review-slider/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/wp-google-places-review-slider/unresolved/) * [Reviews](https://wordpress.org/support/plugin/wp-google-places-review-slider/reviews/) * 1 reply * 2 participants * Last reply from: [jgwhite33](https://wordpress.org/support/users/jgwhite33/) * Last activity: [1 week, 3 days ago](https://wordpress.org/support/topic/patchstack-17-7-cross-site-scripting-vulnerability/#post-18925445) * Status: resolved