Title: plugin vulnerability
Last modified: March 9, 2026

---

# plugin vulnerability

 *  [imokweb](https://wordpress.org/support/users/imokweb/)
 * (@imokweb)
 * [2 months ago](https://wordpress.org/support/topic/plugin-vulnerability-49/)
 * Hi there
 * I’m using managewp and a vulnerability issue showed up in your plugin
 * [https://patchstack.com/database/wordpress/plugin/favorites/vulnerability/wordpress-favorites-plugin-2-3-6-local-file-inclusion-vulnerability](https://patchstack.com/database/wordpress/plugin/favorites/vulnerability/wordpress-favorites-plugin-2-3-6-local-file-inclusion-vulnerability)
 * Can you fix this an release a new update?
 * thanks

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [lulupont](https://wordpress.org/support/users/lulupont/)
 * (@lulupont)
 * [1 month ago](https://wordpress.org/support/topic/plugin-vulnerability-49/#post-18871963)
 * HI, I love the plugin , but I have also been getting security risk warnings:
 * The WP Favorite Posts plugin for WordPress has a security issue in versions up
   to 1.6.8. This problem allows someone with bad intentions to trick a site administrator
   into taking an action without their permission, like clicking on a link. This
   happens because the plugin isn’t properly checking for security confirmations
   in one of its functions.
 * Hope someone can look at it.
 * Thanks in advance
 *  [FannyV](https://wordpress.org/support/users/fannyv/)
 * (@fannyv)
 * [1 week, 6 days ago](https://wordpress.org/support/topic/plugin-vulnerability-49/#post-18892855)
 * **High priority **
   Any update planned for this plugin?[https://patchstack.com/database/wordpress/plugin/favorites/vulnerability/wordpress-favorites-plugin-2-3-6-local-file-inclusion-vulnerability](https://patchstack.com/database/wordpress/plugin/favorites/vulnerability/wordpress-favorites-plugin-2-3-6-local-file-inclusion-vulnerability)
 *  [chiccu](https://wordpress.org/support/users/chiccu/)
 * (@chiccu)
 * [1 week, 4 days ago](https://wordpress.org/support/topic/plugin-vulnerability-49/#post-18895061)
 * Is there any way to contact the plugin creator?
 *  [PatrizioRD](https://wordpress.org/support/users/patriziord/)
 * (@patriziord)
 * [1 day ago](https://wordpress.org/support/topic/plugin-vulnerability-49/#post-18903801)
 * For anyone following, a few hours ago [the author merged a pull request with a patch, sounds like good news](https://github.com/kylephillips/favorites/commit/bfa87ad0c219f60c87d727a3f9585e697dec72c9).

Viewing 4 replies - 1 through 4 (of 4 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fplugin-vulnerability-49%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/favorites/assets/icon-128x128.png?rev=1677726)
 * [Favorites](https://wordpress.org/plugins/favorites/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/favorites/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/favorites/)
 * [Active Topics](https://wordpress.org/support/plugin/favorites/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/favorites/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/favorites/reviews/)

 * 5 replies
 * 5 participants
 * Last reply from: [PatrizioRD](https://wordpress.org/support/users/patriziord/)
 * Last activity: [1 day ago](https://wordpress.org/support/topic/plugin-vulnerability-49/#post-18903801)
 * Status: not resolved