@groggy72 thank you for bringing this to our attention. We’re already working on patching the vulnerability. An update will be rolled out as soon as the security issue is patched.
Thank you
Thank you for your patience regarding the recent security advisory related to our plugin. We sincerely apologize for any confusion or concern caused by inaccuracies in the information initially reported.
Upon further review, we discovered that this issue resulted from an error in the wrong affected version range and patched version input and details from the CNA responsible for filing the CVE record. This caused other vulnerability databases to pick up on the error and CVE entry. Their records and the associated CVE entry have now been corrected. A clarifying note has also been added to the advisory to reflect this update.
Key details:
1. The patched version of the plugin (already released and available) resolves the issue. It is v1.12.1, and I can confirm that it is safe to run on websites.
2. The corrected advisory now accurately reflects the affected versions, ensuring transparency.
Rest assured, your site’s security remains our top priority. If you’ve updated to the latest version (v1.12.1) of the plugin, no further action is needed. If you have questions or require assistance, please reply to this thread.
Thank you for your understanding.
P.S. Stay updated by following our plugin’s changelog or subscribing to our security notifications
Many thanks for clarifying
You’re welcome, @groggy72
