Title: Plugin has vulnerability issues
Last modified: January 3, 2024

---

# Plugin has vulnerability issues

 *  Resolved [bishawjit-das](https://wordpress.org/support/users/bishawjit-das/)
 * (@bishawjit-das)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/plugin-has-vulnerability-issues/)
 * The plugin does not validate and escape some of its shortcode attributes before
   outputting them back in a page/post where the shortcode is embedded, which could
   allow users with the contributor role and above to perform Stored Cross-Site
   Scripting attacks.
   [https://wpscan.com/vulnerability/e54804c7-68a9-4c4c-94f9-1c3c9b97e8ca/](https://wpscan.com/vulnerability/e54804c7-68a9-4c4c-94f9-1c3c9b97e8ca/)
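
An added illustration of the bug class described in the post above (not the Twenty20 plugin's code and not written by anyone in this thread): a hypothetical `[demo_before_after]` shortcode, with assumed attributes `img1`, `img2`, `width` and `direction`, shown first with attributes echoed unescaped and then with validation and output escaping through WordPress core functions.

```php
<?php
/**
 * Added example. The shortcode name, function names and attributes are
 * hypothetical; this is not the plugin's own code.
 */

// Vulnerable pattern: contributor-supplied attribute values are concatenated
// into the markup unchanged, so they are stored in the post and rendered
// as HTML for every visitor. Shown for comparison only; never registered.
function demo_before_after_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'img1' => '', 'img2' => '', 'width' => '100%', 'direction' => 'horizontal' ),
        $atts
    );
    return '<div class="demo-ba" style="width:' . $atts['width'] . '" data-direction="' . $atts['direction'] . '">'
        . '<img src="' . $atts['img1'] . '"><img src="' . $atts['img2'] . '"></div>';
}

// Hardened pattern: validate each attribute against what it is allowed to be,
// then escape for the output context at the point of output.
function demo_before_after_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'img1' => '', 'img2' => '', 'width' => '100%', 'direction' => 'horizontal' ),
        $atts,
        'demo_before_after'
    );

    // Validate: direction comes from a fixed allow-list.
    $direction = in_array( $atts['direction'], array( 'horizontal', 'vertical' ), true )
        ? $atts['direction']
        : 'horizontal';

    // Validate: width is a short number followed by % or px, nothing else.
    $width = preg_match( '/^\d{1,4}(%|px)$/', $atts['width'] ) ? $atts['width'] : '100%';

    // Escape: esc_attr() for attribute values, esc_url() for URLs
    // (esc_url() returns an empty string for disallowed schemes).
    return sprintf(
        '<div class="demo-ba" style="width:%s" data-direction="%s"><img src="%s" alt=""><img src="%s" alt=""></div>',
        esc_attr( $width ),
        esc_attr( $direction ),
        esc_url( $atts['img1'] ),
        esc_url( $atts['img2'] )
    );
}
add_shortcode( 'demo_before_after', 'demo_before_after_safe' );
```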

Viewing 3 replies - 1 through 3 (of 3 total)

 *  [mayy3321](https://wordpress.org/support/users/mayy3321/)
 * (@mayy3321)
 * [2 years ago](https://wordpress.org/support/topic/plugin-has-vulnerability-issues/#post-17777908)
 * This is shocking: it’s a vulnerability a year old, and obviously it would be very
   easy to validate and fix. So I guess that this developer is no longer around.
   Is there any other alternative plugin that can do this job?
 *  [Kondor with a K](https://wordpress.org/support/users/kondorwithak/)
 * (@kondorwithak)
 * [1 year, 11 months ago](https://wordpress.org/support/topic/plugin-has-vulnerability-issues/#post-17802553)
 * [@mayy3321](https://wordpress.org/support/users/mayy3321/)
 * I faced the same problem and ended up replacing this plugin with a similar one
   called Ultimate Before After Image Slider & Gallery – BEAF. [https://wordpress.org/plugins/beaf-before-and-after-gallery/](https://wordpress.org/plugins/beaf-before-and-after-gallery/)
 * Although the free version is limited, I was able to replicate my before/after
   sliders and create a two-column gallery. Here’s a demo of this plugin: [https://themefic.com/plugins/beaf/](https://themefic.com/plugins/beaf/)
 * Hope that helps!
 *  Plugin Author [Zayed Baloch](https://wordpress.org/support/users/zayedbaloch/)
 * (@zayedbaloch)
 * [1 year, 10 months ago](https://wordpress.org/support/topic/plugin-has-vulnerability-issues/#post-17864221)
 * Hi everyone,
 * I sincerely apologize for the oversight regarding the security vulnerabilities
   in the plugin. We take your concerns very seriously.
 * The issues with the shortcode attributes and potential Stored Cross-Site Scripting
   attacks have been addressed. The plugin has been fully reviewed by the WordPress
   plugin team, and the latest version 1.7.1 is now available. I strongly encourage
   you to update the plugin to ensure your sites remain secure.
 * Thank you for your patience and understanding.
 * Best regards,


The topic ‘Plugin has vulnerability issues’ is closed to new replies.

 * [Twenty20 Image Before-After](https://wordpress.org/plugins/twenty20/)

 * 5 replies
 * 4 participants
 * Last reply from: [Zayed Baloch](https://wordpress.org/support/users/zayedbaloch/)
 * Last activity: [1 year, 10 months ago](https://wordpress.org/support/topic/plugin-has-vulnerability-issues/#post-17864221)
 * Status: resolved