• Resolved carterkay

    (@carterkay)


    Hello,

    Firstly, thanks for a great plugin, never had any issues until now.

    Wordfence Premium is flagging WP Google Review Slider version 17.9 as vulnerable: “WP Google Review Slider <= 17.9 – Unauthenticated Stored Cross-Site Scripting”, CVE-2026-39451.

    Patchstack also appears to list <=17.9 as vulnerable with no official patched version available.

    I can see 17.9 added output sanitisation, but Wordfence is still advising removal. Can you confirm whether 17.9 fully patches CVE-2026-39451, and if so, are you able to coordinate with Wordfence/Patchstack so they mark the vulnerability as patched?

    Thanks

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author jgwhite33

    (@jgwhite33)

    Yes, it is safe. What is crazy is 17.9 wasn’t even out in April when this was reported so I don’t know why it says 17.9 has the issue. I will try and work with them to get it taken down.

    • This reply was modified 1 month ago by jgwhite33.
    • This reply was modified 1 month ago by jgwhite33.
    Plugin Author jgwhite33

    (@jgwhite33)

    I went ahead and did some more security hardening just in case. I also added another template style. Just pushed version18.0

    Thread Starter carterkay

    (@carterkay)

    Thanks for a speedy responce.

    I have scanned the site with Wordfence Premuim and there are no issues.

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.