Title: WP Engine Security: Plugin Vulnerability Notification?
Last modified: July 27, 2021

---

# WP Engine Security: Plugin Vulnerability Notification?

 *  Resolved [meshcount](https://wordpress.org/support/users/meshcount/)
 * (@meshcount)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/)
 * Hi, my company received a notice from WP Engine from a 3rd party report that 
   there is a vulnerability to the plugin which the creator has not addressed — 
   something about “A7: Cross-Site Scripting (XSS)”. What is this about? I’m being
   asked to remove RealFaviconGenerator unless I can deliver some clarity.

Viewing 10 replies - 1 through 10 (of 10 total)

 *  Moderator [Steven Stern (sterndata)](https://wordpress.org/support/users/sterndata/)
 * (@sterndata)
 * Volunteer Forum Moderator
 * [4 years, 10 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14707903)
 * This is all I could find, from 2015: [https://wpscan.com/vulnerability/217acd0e-da43-49ca-b255-fa2bf8d11295](https://wpscan.com/vulnerability/217acd0e-da43-49ca-b255-fa2bf8d11295)
 *  [picktwomedia](https://wordpress.org/support/users/picktwomedia/)
 * (@picktwomedia)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14707991)
 * Newer report here on this issue
    Publicly Published 2021-06-16 (about 1 months
   ago) Added 2021-07-27 (about 22 hours ago) Last Updated 2021-07-27 (about 22 
   hours ago)
 * [https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9](https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9)
 *  Thread Starter [meshcount](https://wordpress.org/support/users/meshcount/)
 * (@meshcount)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14708017)
 * There’s a current one from June/July 2021 for reflected cross site scripting,
   though it’s beyond my knowledge what it means:
    [https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9](https://wpscan.com/vulnerability/ed9d26be-cc96-4274-a05b-0b7ad9d8cfd9)
 *  Plugin Author [phbernard](https://wordpress.org/support/users/phbernard/)
 * (@phbernard)
 * [4 years, 10 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14712460)
 * Hi,
 * Thank you for reporting this security breach.
 * I’m currently on vacation and will investigate it in a week.
 *  [tedmw](https://wordpress.org/support/users/tedmw/)
 * (@tedmw)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14731628)
 * [@phbernard](https://wordpress.org/support/users/phbernard/) Much appreciated,
   hopefully it’s a quick fix.
 * Thanks for all your work on RealFaviconGenerator! Not having to think about app
   icons anymore has been so nice 🙂
 *  [olivier666666](https://wordpress.org/support/users/olivier666666/)
 * (@olivier666666)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14738032)
 * Have a good holiday and see you soon.
    Disregard my post. It was BLOGVAULT the
   surveillance pugin who warned me.
 *  [redkite](https://wordpress.org/support/users/redkite/)
 * (@redkite)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14742488)
 * Any word on the fix for this? I have it on 70 client sites…
 *  Plugin Author [phbernard](https://wordpress.org/support/users/phbernard/)
 * (@phbernard)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14747850)
 * The issue has been fixed in version 1.3.22.
 * Thank you all for your reports and patience!
 *  [tedmw](https://wordpress.org/support/users/tedmw/)
 * (@tedmw)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14748998)
 * [@phbernard](https://wordpress.org/support/users/phbernard/) Thank you!! 🙏
 *  [Gwyneth Llewelyn](https://wordpress.org/support/users/gwynethllewelyn/)
 * (@gwynethllewelyn)
 * [4 years, 9 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14751058)
 * Thanks for the patched version! FYI I got the notification from two sources: 
   the ever-vigilant Wordfence team (the company behind the Wordfence plugin) as
   well as on the Dashboard for WP Remote.

Viewing 10 replies - 1 through 10 (of 10 total)

The topic ‘WP Engine Security: Plugin Vulnerability Notification?’ is closed to 
new replies.

 * ![](https://ps.w.org/favicon-by-realfavicongenerator/assets/icon-256x256.png?
   rev=972314)
 * [Favicon by RealFaviconGenerator](https://wordpress.org/plugins/favicon-by-realfavicongenerator/)
 * [Support Threads](https://wordpress.org/support/plugin/favicon-by-realfavicongenerator/)
 * [Active Topics](https://wordpress.org/support/plugin/favicon-by-realfavicongenerator/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/favicon-by-realfavicongenerator/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/favicon-by-realfavicongenerator/reviews/)

 * 10 replies
 * 8 participants
 * Last reply from: [Gwyneth Llewelyn](https://wordpress.org/support/users/gwynethllewelyn/)
 * Last activity: [4 years, 9 months ago](https://wordpress.org/support/topic/wp-engine-security-plugin-vulnerability-notification/#post-14751058)
 * Status: resolved