Title: Plugin Security Vulnerability Issue – WPEngine Last modified: July 27, 2023 --- # Plugin Security Vulnerability Issue – WPEngine * Resolved [tison_](https://wordpress.org/support/users/tison_/) * (@tison_) * [2 years, 10 months ago](https://wordpress.org/support/topic/plugin-security-vulnerability-issue-wpengine/) * This message below was sent to us by wpengine. Is there a patch / fix / upgrade we should do? Thank you for the amazing plugin btw * > Hello, > At WP Engine we take the security of your sites very seriously, and make every > effort to keep our customers aware of any potential security risks. We are > reaching out to you today because we identified your site(s), is (are) utilizing > a vulnerable version of the User Menus – Nav Menu Visibility plugin. > At this time, we are not seeing that the plugin author has released an update > or patch for this vulnerability. > WP Engine summary of the vulnerability: Data from an attacker could be interpreted > as code by site visitors’ web browsers. The ability to run code in another > site visitors’ browser can be abused to steal information, or modify site configuration. > Original 3rd-party’s report on the vulnerability: Please note that questions > related to this article should be directed to the 3rd-party researcher and > not WP Engine: > [https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33999) > [https://wpscan.com/vulnerability/39d1f22f-ea34-4d94-9dc2-12661cf69d36](https://wpscan.com/vulnerability/39d1f22f-ea34-4d94-9dc2-12661cf69d36) > We encourage you to assess the risk of continuing to use this plugin until > a patch is released. > Please make sure to run a backup of your database before making any changes. > You can learn how to do this in this article: [http://wpengine.com/support/restore/ ](http://wpengine.com/support/restore/ );. Viewing 1 replies (of 1 total) * Thread Starter [tison_](https://wordpress.org/support/users/tison_/) * (@tison_) * [2 years, 10 months ago](https://wordpress.org/support/topic/plugin-security-vulnerability-issue-wpengine/#post-16928559) * Correction – wpengine just posted that their alert was an error in the scanner they use, so please remove / close this ticket Viewing 1 replies (of 1 total) The topic ‘Plugin Security Vulnerability Issue – WPEngine’ is closed to new replies. * ![](https://ps.w.org/user-menus/assets/icon-256x256.png?rev=1507838) * [User Menus - Nav Menu Visibility](https://wordpress.org/plugins/user-menus/) * [Frequently Asked Questions](https://wordpress.org/plugins/user-menus/#faq) * [Support Threads](https://wordpress.org/support/plugin/user-menus/) * [Active Topics](https://wordpress.org/support/plugin/user-menus/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/user-menus/unresolved/) * [Reviews](https://wordpress.org/support/plugin/user-menus/reviews/) * 1 reply * 1 participant * Last reply from: [tison_](https://wordpress.org/support/users/tison_/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/plugin-security-vulnerability-issue-wpengine/#post-16928559) * Status: resolved