Title: Vulnerability warning Last modified: May 24, 2025 --- # Vulnerability warning * Resolved [gauravintg](https://wordpress.org/support/users/gauravintg/) * (@gauravintg) * [1 year ago](https://wordpress.org/support/topic/vulnerability-warning-2/) * One of my client website uses the getwid plugin and its hosted in WPEngine. Security scan reported below vulnerability. kindly fix the same and provide the updated plugin. * >  **Getwid has a known vulnerability that may be affecting this version.** > **– > < 2.1.12**This plugin is closed. Please replace it with another.**Improper > Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)** > _The product does not neutralize or incorrectly neutralizes user-controllable > input before it is placed in output that is used as a web page that is served > to other users._Global score: 6.4 / 10Severity: Medium[[+]](https://www.cve.org/CVERecord?id=CVE-2024-5020) > CVE-2024-5020[[+]](https://www.wordfence.com/threat-intel/vulnerabilities/detail/multiple-plugins-various-versions-authenticated-contributor-stored-dom-based-cross-site-scripting-via-fancybox-javascript-library) > Multiple Plugins <= (Various Versions) – Authenticated (Contributor+) Stored > DOM-Based Cross-Site Scripting via FancyBox JavaScript Library[[+]](https://patchstack.com/database/wordpress/plugin/getwid/vulnerability/wordpress-getwid-gutenberg-blocks-plugin-2-0-11-authenticated-contributor-stored-dom-based-cross-site-scripting-via-fancybox-javascript-library) > WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.11 is vulnerable to Cross > Site Scripting (XSS) - This topic was modified 1 year ago by [gauravintg](https://wordpress.org/support/users/gauravintg/). Viewing 3 replies - 1 through 3 (of 3 total) * [Javier Casares](https://wordpress.org/support/users/javiercasares/) * (@javiercasares) * [1 year ago](https://wordpress.org/support/topic/vulnerability-warning-2/#post-18481763) * [@gauravintg](https://wordpress.org/support/users/gauravintg/) I checked the version at WPVulnerability and now is fixed. It was a typo with the version. Affected versions are < 2.0.12 and not < 2.1.12. * Thread Starter [gauravintg](https://wordpress.org/support/users/gauravintg/) * (@gauravintg) * [1 year ago](https://wordpress.org/support/topic/vulnerability-warning-2/#post-18481852) * I am still seeing this warning in my WP dashboard. can you please let me know how it will removed? * Plugin Support [Eugene White](https://wordpress.org/support/users/eugenewhite/) * (@eugenewhite) * [12 months ago](https://wordpress.org/support/topic/vulnerability-warning-2/#post-18507585) * Hello [@gauravintg](https://wordpress.org/support/users/gauravintg/), * I would like to clarify that our Getwid plugin is not closed and doesn’t have any known vulnerability issues. As Javier pointed out, there is a typo in your vulnerability report since the latest version of the plugin is 2.1.1. So I recommend that you ensure you have the latest version of the plugin installed. If you still have concerns, please try using a different vulnerability scanning solution to rule out a potential false alarm. Viewing 3 replies - 1 through 3 (of 3 total) The topic ‘Vulnerability warning’ is closed to new replies. * ![](https://ps.w.org/getwid/assets/icon.svg?rev=2238400) * [Getwid - Gutenberg Blocks](https://wordpress.org/plugins/getwid/) * [Frequently Asked Questions](https://wordpress.org/plugins/getwid/#faq) * [Support Threads](https://wordpress.org/support/plugin/getwid/) * [Active Topics](https://wordpress.org/support/plugin/getwid/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/getwid/unresolved/) * [Reviews](https://wordpress.org/support/plugin/getwid/reviews/) * 5 replies * 3 participants * Last reply from: [Eugene White](https://wordpress.org/support/users/eugenewhite/) * Last activity: [12 months ago](https://wordpress.org/support/topic/vulnerability-warning-2/#post-18507585) * Status: resolved