Agreed. This was disclosed publicly over 40 days ago. We need this patched ASAP.
CVE-2022-3399 rated a 4.4 (medium risk)
Hi,
Can you please tell us where it has been flagged? Most probably the data shared somewhere is just inaccurate.
We don’t have any information about the issue with the current version of the plugin. There was indeed a vulnerability in 2.4.17 and 2.4.17.1 that’s been fixed in version 2.4.18, released more than 2 months ago.
Hi, you can see the report on WPScan here: https://wpscan.com/vulnerability/b86946a4-ddbb-430d-a2d6-d7ca6b1cb4be/
If it has been patched in 2.4.18, it may not have been verified yet. I am running 2.4.18 on my sites and still get the security warning.
Plugin is showing vulnerability risk:
Security risk: xss. Data from an attacker could be interpreted as code by site visitors’ web browsers. The ability to run code in another site visitors’ browser can be abused to steal information, or modify site configuration.
Can there be an update available for this issue? Using version 2.4.18 on my site.
Thanks
Everything has been sorted out in 2.4.9
Fantastic, glad to see the paperwork hole patched 🙂 Not as important as the actual security patch but still important nonetheless.
Hi @dfactory
Thank you for letting us know this is in hand. Do you know when 2.4.19 will be available?
Thanks
Hi Support
Can you kindly share an ETA for the latest plugin updates with the above fix? It's been two weeks but still the latest version is not available.
Thanks