Same here, can’t update the security vulnerabilities package because of site search 360
$ composer update
Loading composer repositories with package information
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
– Root composer.json requires letraceursnork/wordpress-security-advisories dev-master -> satisfiable by letraceursnork/wordpress-security-advisories[dev-master].
– Root composer.json requires wpackagist-plugin/site-search-360 ^2.1.7 -> satisfiable by wpackagist-plugin/site-search-360[2.1.7].
– letraceursnork/wordpress-security-advisories dev-master conflicts with wpackagist-plugin/site-search-360
<=2.1.7.
After contacting SiteSearch 360 customer support, I got this answer:
The alert regarding the SiteSearch 360 plugin has already been reviewed by our security team. At this time, no actionable vulnerabilities have been identified. Additionally, the original report contained only a general claim without any supporting technical details.
We are continuing to monitor the situation closely and will take appropriate action if any new information arises.
So, basically, instead of contacting Patchstack to find out or get information about the actual problem, they keep saying that the plugin is secure…
If I have to choose who to trust about security issues in plugins , I choose Patchstack…
