Title: Vulnerability issue Last modified: July 20, 2023 --- # Vulnerability issue * Resolved [MD Tareq](https://wordpress.org/support/users/mdtareqhassan/) * (@mdtareqhassan) * [2 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-issue-9/) * Malware scanner says the plugin is vulnerable !!! Ref: [https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-pdf-embedder-plugin-for-wordpress-plugin-2-0-11-reflected-cross-site-scripting-xss-vulnerability?_a_id=241](https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-pdf-embedder-plugin-for-wordpress-plugin-2-0-11-reflected-cross-site-scripting-xss-vulnerability?_a_id=241) * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fvulnerability-issue-9%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 5 replies - 1 through 5 (of 5 total) * Plugin Contributor [shehabulislam](https://wordpress.org/support/users/shehabulislam/) * (@shehabulislam) * [2 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-issue-9/#post-16913970) * Hi * I’m sorry, but that is incorrect information. We did not use Freemius SDK in this plugin and we have updated the Freemius SDK in all our plugins where it was used. * Thank you * [suzannap](https://wordpress.org/support/users/suzannap/) * (@suzannap) * [2 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-issue-9/#post-16927256) * Hi, * I’m having vulnerability issues with the plugin. This is the message I get: * [WordPress PDF Poster – PDF Embedder Plugin for WordPress plugin <= 2.0.11 – Reflected Cross Site Scripting (XSS) vulnerability](https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwubTZtS0pHbEd3UFN2ZHl6OHpHRTJQRW5QNEU2c3c2R3FEelpXdjRhaVVPcHlVV2hRd053QndPdGhQM2J4NmxkYkxKNThPTGk3ZENuVzBVUk02S19pRzhfSW1rcHBWNGRlbjdWcXlaS2RyVl8wR3JyYWU2OGtoOWE0WWNDZmxrSkx0ckN5MnE3RmIzS3k3R1dnOGdLZENjLVlZUU10TkpDTmlVVVZkOHFweTU3RDRINEVtN3ZoeFl5Qlo0QXFmcnhMSHNZZzRDWWdPREZtUy1xMzlMZXRrek0xUFhoNHJDVGJDb09fbXFmMzhBb1E5aDNQblpZQUtyZkZiVzByZEg2UWp6VEs1N3BYVWJieHczaWRQMmptcjVBZlJxY1lLUzFCcEN2cXcwdnM5ampyYUxLZHpHeU1PRlF1TzNPcHV5Rkh4ZF94dWQ3N2dkREJkMWYxTGFyOGZvUXVycGdjbl9iZWVNQ3gyUnV0UjNzNnhyb3l4cUtTUzFwOVlvcmI%253D#ps-12393) * What Actions Should I Take?Vulnerable WordPress plugins and themes are the #1 reason WordPress sites get hacked. **Either quickly update the vulnerable theme, plugin or WordPress version immediately to the newest version or immediately deactivate and delete the plugin or theme from your WordPress installation until a fix is available.** * [Darius Sveikauskas (Patchstack)](https://wordpress.org/support/users/darius_fx/) * (@darius_fx) * [2 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-issue-9/#post-16928103) * [@mdtareqhassan](https://wordpress.org/support/users/mdtareqhassan/) [@suzannap](https://wordpress.org/support/users/suzannap/) sorry for this, it’s a false-positive indication. We marked those database entries as non-published for further investigation. The problem is that some plugins had specific tags that are indicating usage of Freemius WordPress SDK. There are about 1,5K plugins/themes that are using Freemius so purely manual inspection is not an option, and as we see now automatic identification might give some wrong results. Once again sorry for the mess, we just trying to make the WordPress ecosystem safer and help the community. Thank you for letting us know about the error 🙂 * [suzannap](https://wordpress.org/support/users/suzannap/) * (@suzannap) * [2 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-issue-9/#post-16928205) * So will there be a solution or should I just get rid of the plugin? I just got another report with critical issues and the same message * Plugin Contributor [shehabulislam](https://wordpress.org/support/users/shehabulislam/) * (@shehabulislam) * [2 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-issue-9/#post-16937420) * Hi [@suzannap](https://wordpress.org/support/users/suzannap/) * I am sorry, but how can we fix the issue if it’s not related to this plugin? The issue is happening in Freemius SDK, and we didn’t use Freemius SDK in this plugin. Thank you Viewing 5 replies - 1 through 5 (of 5 total) The topic ‘Vulnerability issue’ is closed to new replies. * ![](https://ps.w.org/pdf-poster/assets/icon-128x128.png?rev=3474162) * [PDF Poster – Display PDF Files with Custom Viewer](https://wordpress.org/plugins/pdf-poster/) * [Frequently Asked Questions](https://wordpress.org/plugins/pdf-poster/#faq) * [Support Threads](https://wordpress.org/support/plugin/pdf-poster/) * [Active Topics](https://wordpress.org/support/plugin/pdf-poster/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/pdf-poster/unresolved/) * [Reviews](https://wordpress.org/support/plugin/pdf-poster/reviews/) * 7 replies * 4 participants * Last reply from: [shehabulislam](https://wordpress.org/support/users/shehabulislam/) * Last activity: [2 years, 10 months ago](https://wordpress.org/support/topic/vulnerability-issue-9/#post-16937420) * Status: resolved