Title: Security issue?
Last modified: October 8, 2018

---

# Security issue?

 *  (Resolved) Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * (@davidanderson)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/security-issue-93/)
 * [@tejaswini](https://wordpress.org/support/users/tejaswini/) [@slidervilla](https://wordpress.org/support/users/slidervilla/)
 * Hi,
 * Does anybody know what the security issue in this plugin that has led to it being
   closed is?
 * In the absence of any information, it’s hard to know what to do. (Full site compromise
   possible by anyone? Or, minor self-XSS possible if you stand on your left leg
   on the Statue of Liberty during a blue moon?)
 * David

Viewing 3 replies - 1 through 3 (of 3 total)

 *  Moderator [Samuel Wood (Otto)](https://wordpress.org/support/users/otto42/)
 * (@otto42)
 * WordPress.org Admin
 * [7 years, 8 months ago](https://wordpress.org/support/topic/security-issue-93/#post-10779839)
 * Does it matter? It is insecure, and not being updated any longer.
 * Don’t use it. Remove it and find a new plugin.
 *  Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * (@davidanderson)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/security-issue-93/#post-10780542)
 * Hi Otto,
 * “Insecure” covers a multitude of possibilities, ranging from the very hard to
   trigger and very limited in impact when triggered, up to the easy to trigger 
   and disastrous in impact. Time is a limited resource, and people like to prioritise
   their time based on the most pressing problems. Having no information upon whether
   a problem is pressing or not is very unhelpful to the operators of the 10,000+
   active sites that this is on, who, in the absence of any information, are forced
   to assume the worst.
 * I’m also a plugin developer, not a simple end-user. If a problem is an easy
   one-line fix, then it’s easier for me to make the fix than to research migration 
   paths and move to a different plugin. Again, not having that information is frustrating
   and leads to unnecessary duplication of work.
 * In the case of this particular plugin, I’ve audited the code. Users are susceptible
   to targeted persistent XSS attacks. Googling shows that others have also done
   so and come to the same conclusion.
 * David
 *  Plugin Author [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * (@davidanderson)
 * [7 years, 8 months ago](https://wordpress.org/support/topic/security-issue-93/#post-10785680)
 * I’m marking my own thread as closed now, since I took over maintainership of 
   the plugin and cleaned it up so that it now has no known vulnerabilities. (Users
   were exposed to various things of this sort: [http://vinnievanhoecke.be/blog/1530144000](http://vinnievanhoecke.be/blog/1530144000)).
 * David

The topic ‘Security issue?’ is closed to new replies.

 * [Testimonial Slider](https://wordpress.org/plugins/testimonial-slider/)

 * 3 replies
 * 2 participants
 * Last reply from: [David Anderson / Team Updraft](https://wordpress.org/support/users/davidanderson/)
 * Last activity: [7 years, 8 months ago](https://wordpress.org/support/topic/security-issue-93/#post-10785680)
 * Status: resolved