Title: vulnerability found according to patchstack
Last modified: April 10, 2025

---

# vulnerability found according to patchstack

 *  Resolved [suikerspin](https://wordpress.org/support/users/suikerspin/)
 * (@suikerspin)
 * [1 year, 2 months ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/)
 * Hello,
 * According to Patchstack the current version of the plugin (and lower versions)
   is vulnerable.
 * See [https://patchstack.com/database/wordpress/plugin/interactive-geo-maps/vulnerability/wordpress-interactive-geo-maps-plugin-1-6-24-reflected-cross-site-scripting-xss-vulnerability?_a_id=110](https://patchstack.com/database/wordpress/plugin/interactive-geo-maps/vulnerability/wordpress-interactive-geo-maps-plugin-1-6-24-reflected-cross-site-scripting-xss-vulnerability?_a_id=110)
 * Are you planning a fix?

Viewing 8 replies - 1 through 8 (of 8 total)

 *  Plugin Author [MapGeo](https://wordpress.org/support/users/interactivegeomaps/)
 * (@interactivegeomaps)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18413018)
 * Greetings, when there’s a security vulnerability found, usually these companies
   send the plugin authors at least a month before it’s made public, instructions
   on where the issue is and suggestions on how to fix it, so that when the issue
   is made public, there’s already a fixed version. We are currently awaiting additional
   instructions from Patchstack with more information. We apologize for the delay;
   however, we are waiting also for feedback, which may take a week to validate.
 *  Plugin Author [MapGeo](https://wordpress.org/support/users/interactivegeomaps/)
 * (@interactivegeomaps)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18414422)
 * I can confirm this from our local env. One of the vulnerabilities was via
   `post_type=igmap&page=interactive-geo-maps-pricing`, which was fixed by `freemius-sdk v2.11.0`
   and we patched in `v1.6.23`. The other one was in any tab, where a user could inject
   encoded JavaScript snippets or images with links and trick users to click. We
   have fixed this in `v1.6.25` by sanitizing URL params before using them.
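
The fix described in the reply above (sanitizing URL parameters before they are used in a tab) follows the usual "validate on input, encode on output" pattern. The sketch below is an added example in plain PHP, not MapGeo's code and not part of the original thread; the parameter name `tab`, the tab slugs and the `page=settings` value are hypothetical.

```php
<?php
// Added example, runnable with the php CLI. Not the plugin's own code.
// Hypothetical: the "tab" parameter, the slugs below, and "page=settings".
const ALLOWED_TABS = ['general', 'regions', 'markers'];

// BEFORE (vulnerable pattern): the raw query value is concatenated into an
// attribute and into the link text, so URL content is reflected into the page.
function render_tab_unsafe(array $query): string {
    $tab = $query['tab'] ?? 'general';
    return '<a class="nav-tab" href="?page=settings&tab=' . $tab . '">' . $tab . '</a>';
}

// AFTER, step 1: validate the parameter as soon as it is read.
function current_tab(array $query): string {
    $raw = $query['tab'] ?? '';
    if (!is_string($raw)) {            // ?tab[]=x arrives as an array
        return ALLOWED_TABS[0];
    }
    // Keep only slug characters (the same filter WordPress's sanitize_key() applies)...
    $slug = preg_replace('/[^a-z0-9_\-]/', '', strtolower($raw));
    // ...then accept the value only if it names a tab that actually exists.
    return in_array($slug, ALLOWED_TABS, true) ? $slug : ALLOWED_TABS[0];
}

// AFTER, step 2: build the URL with an encoder and escape for the HTML context.
// In WordPress the equivalents are add_query_arg(), esc_url() and esc_html().
function render_tab_safe(array $query): string {
    $tab  = current_tab($query);
    $href = '?' . http_build_query(['page' => 'settings', 'tab' => $tab]);
    return '<a class="nav-tab" href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($tab, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed inputs: a normal value, markup in the value, and an array value.
$samples = [
    ['tab' => 'regions'],
    ['tab' => '"><b>injected</b>'],
    ['tab' => ['x']],
];
foreach ($samples as $query) {
    echo render_tab_safe($query), PHP_EOL;
}
```

The second and third samples both fall back to the default tab, because the filtered value is not in the allowlist; the output escaping remains in place as a second layer if the allowlist is ever widened.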
 *  [Exo](https://wordpress.org/support/users/richardshea/)
 * (@richardshea)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18414715)
 * Thanks for the updates, look forward to seeing a new version we can download 
   soon to fix.
 *  [Rich Ambrose](https://wordpress.org/support/users/rich-ambrose/)
 * (@rich-ambrose)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18421738)
 * WordFence has also flagged a security vulnerability.
 * [https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/interactive-geo-maps/interactive-geo-maps-1624-reflected-cross-site-scripting](https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/interactive-geo-maps/interactive-geo-maps-1624-reflected-cross-site-scripting)
 * I have some sites with the Pro version and some with the free. The free version
   can only be updated to 1.6.18, although I can uninstall and then download 1.6.24,
   this does not include the security update. Will there be a rollout for the free
   version?
 *  [kalvinkingsleymint](https://wordpress.org/support/users/kalvinkingsleymint/)
 * (@kalvinkingsleymint)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18424610)
 * Hello, just following up on this – it is marked as RESOLVED but doesn’t appear
   to be? At least, I don’t see a patched version available for download anywhere?
 *  Plugin Author [MapGeo](https://wordpress.org/support/users/interactivegeomaps/)
 * (@interactivegeomaps)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18424684)
 * Hello Everyone, we rolled out a new patched version just yesterday
 *  [lohanelbt](https://wordpress.org/support/users/lohanelbt/)
 * (@lohanelbt)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18426252)
 * Hello, when will the version be online? On my end, I don’t have anything at all.
   Thanks.
 *  [Exo](https://wordpress.org/support/users/richardshea/)
 * (@richardshea)
 * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18426623)
 * New version does not seem online despite this showing as resolved and statements
   of “we rolled out a new patched version” which is now 2 days ago.
   Can we ask
   developers if this can be fetched manually elsewhere (your own site?) if it’s
   not here?

The topic ‘vulnerability found according to patchstack’ is closed to new replies.

 * 14 replies
 * 6 participants
 * Last reply from: [Exo](https://wordpress.org/support/users/richardshea/)
 * Last activity: [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerabilty-found-according-to-patchstack/#post-18426623)
 * Status: resolved