Security Issue Reported by Wordfence and Patchstack | ww.wp.xz.cn

CK MacLeod
(@ck-macleod)

5 months, 1 week ago

Wordfence is reporting a medium severity but critical vulnerability for this plugin. On the other hand, it references a Patchstack security report that rates the issue is low severity. Neither specifies a known patch.

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wp-storymap/storymap-21-authenticated-contributor-stored-cross-site-scripting

https://patchstack.com/database/wordpress/plugin/wp-storymap/vulnerability/wordpress-storymap-plugin-2-1-cross-site-scripting-xss-vulnerability

It seems like you’re still updating this plugin, though i haven’t seen any activity in this forum for years. If you are planning to address the issue, we may choose to keep using the plugin and monitor the situation. Is this something you think you might be addressing?

Thanks! – we do have found this plugin very useful and would hate to have to replace it.

You must be logged in to reply to this topic.

0 replies
1 participant
Last reply from: CK MacLeod
Last activity: 5 months, 1 week ago
Status: not resolved