Title: Security Issues? Last modified: March 3, 2022 --- # Security Issues? * Resolved [andyadvice](https://wordpress.org/support/users/andyadvice/) * (@andyadvice) * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/) * We have a security plugin protecting the site and it says there are serious security issues as below: * [https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-7-authenticated-persistent-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-7-authenticated-persistent-cross-site-scripting-xss-vulnerability) * [https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-6-6-reflected-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-6-6-reflected-cross-site-scripting-xss-vulnerability) * [https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835](https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835) * [⌊2022-03-03_15-24-53.png⌉⌊2022-03-03_15-24-53.png⌉[ * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-issues-49%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 6 replies - 1 through 6 (of 6 total) * [miguelrzdesign17](https://wordpress.org/support/users/miguelrzdesign17/) * (@miguelrzdesign17) * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/#post-15422634) * They rolled out an update (v5.4.4) which states the following in the Changelog: * Updated – Freemius SDK Fixed – Security fix * But iThemes Security is still stating the following for this version: “Unauthorised AJAX Calls via Freemius” * Can we confirm that version 5.4.4 has the vulnerability patched? * [patrickhealy](https://wordpress.org/support/users/patrickhealy/) * (@patrickhealy) * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/#post-15423992) * I love when things work out the way they are supposed to. This is what a community like this is all about…. * Plugin Author [Vinod Dalvi](https://wordpress.org/support/users/vinod-dalvi/) * (@vinod-dalvi) * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/#post-15425130) * [@andyadvice](https://wordpress.org/support/users/andyadvice/) * > We have a security plugin protecting the site and it says there are serious > security issues as below: > [https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-7-authenticated-persistent-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-7-authenticated-persistent-cross-site-scripting-xss-vulnerability) > [https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-6-6-reflected-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/vulnerability/add-search-to-menu/wordpress-ivory-search-plugin-4-6-6-reflected-cross-site-scripting-xss-vulnerability) > [https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835](https://wpscan.com/vulnerability/ecc620be-8e29-4860-9d32-86b5814a3835) * The issues are already resolved as shown on the shared pages and I have highlighted them in these screenshots [https://imgur.com/a/SY43nsY](https://imgur.com/a/SY43nsY) so please make sure that you are using the latest version of the Ivory Search plugin. * Plugin Author [Vinod Dalvi](https://wordpress.org/support/users/vinod-dalvi/) * (@vinod-dalvi) * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/#post-15425150) * [@miguelrzdesign17](https://wordpress.org/support/users/miguelrzdesign17/) * > But iThemes Security is still stating the following for this version: > “Unauthorised > AJAX Calls via Freemius” > Can we confirm that version 5.4.4 has the vulnerability patched? * Yes, a lot of plugins and themes have been affected due to this issue as reported on the below page. * [https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a](https://wpscan.com/vulnerability/6dae6dca-7474-4008-9fe5-4c62b9f12d0a) * The issue is fixed in the latest released plugin version 5.4.4 so please make sure that you are using the latest version of the plugin. * Also, It seems this is taking some time to update the iThemes Security database so it is still displaying the issue but you can contact directly to iThemes Security to know more about it. * [patrickhealy](https://wordpress.org/support/users/patrickhealy/) * (@patrickhealy) * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/#post-15435935) * Vinod, you’re 100% on this? I don’t mean to doubt you but these alerts still coming in from iThemes AND Malcare are distressing. Along with PatchStack, these are three very well respected security services that are constantly monitoring things. I’ve gotten alerts today from the first two stating that this plugin is still vulnerable. * Plugin Author [Vinod Dalvi](https://wordpress.org/support/users/vinod-dalvi/) * (@vinod-dalvi) * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/#post-15436705) * [@patrickhealy](https://wordpress.org/support/users/patrickhealy/) Please make sure that you are using the latest version of the plugin. * I visited their below websites but didn’t see any open issues related to the plugin. * [https://ithemes.com/blog/category/wordpress-security/](https://ithemes.com/blog/category/wordpress-security/) [https://patchstack.com/database/vulnerability/add-search-to-menu](https://patchstack.com/database/vulnerability/add-search-to-menu) * If you need more support then could you please contact me using the below form? * [https://ivorysearch.com/contact/](https://ivorysearch.com/contact/) Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Security Issues?’ is closed to new replies. * ![](https://ps.w.org/add-search-to-menu/assets/icon-256x256.png?rev=2077748) * [Ivory Search - WordPress Search Plugin](https://wordpress.org/plugins/add-search-to-menu/) * [Frequently Asked Questions](https://wordpress.org/plugins/add-search-to-menu/#faq) * [Support Threads](https://wordpress.org/support/plugin/add-search-to-menu/) * [Active Topics](https://wordpress.org/support/plugin/add-search-to-menu/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/add-search-to-menu/unresolved/) * [Reviews](https://wordpress.org/support/plugin/add-search-to-menu/reviews/) * 6 replies * 4 participants * Last reply from: [Vinod Dalvi](https://wordpress.org/support/users/vinod-dalvi/) * Last activity: [4 years, 2 months ago](https://wordpress.org/support/topic/security-issues-49/#post-15436705) * Status: resolved