Reported Vulnerability
-
On several sites I’m using WP-Members. On one of them I got the warning from Patchstack about a vulnerability.
WordPress WP-Members plugin <= 3.5.4 – Cross Site Scripting (XSS) Vulnerability
Vulnerability Type: Cross Site Scripting (XSS)
Version Fixed In: No Fix
References:
https://patchstack.com/database/vulnerability/wp-members/wordpress-wp-members-plugin-3-5-4-cross-site-scripting-xss-vulnerability?_a_id=15Is this correct?
-
The vendor has been ignoring the report since 2025-05-26 (15:01:46 EEST), when it was successfully submitted via the contact form on the vendor’s website.
Some clarification on that report: the screenshot they provided me indicates it was through the contact form on butlerblog.com where it very clearly states the following:
Before using this form, please note the following:
WP-Members is supported by rocketgeek.com. If your question or comment has anything to do with WP-Members, do not ask it here.
Patchstack did not report this through rocketgeek.com, which has been the sole supporting source for this plugin since 2012, and thus, I was completely unaware of this until this morning. Needless to say, I am more than just a little upset about it.
Could you please respond to my original email with information so I can address this going forward? I don’t want to get into a public argument about who did what here and who is at fault – I’d rather just get it addressed and fixed.
The topic ‘Reported Vulnerability’ is closed to new replies.
