17.9 – Unauthenticated Stored Cross-Site Scripting
-
Hello,
Firstly, thanks for a great plugin, never had any issues until now.
Wordfence Premium is flagging WP Google Review Slider version 17.9 as vulnerable: “WP Google Review Slider <= 17.9 – Unauthenticated Stored Cross-Site Scripting”, CVE-2026-39451.
Patchstack also appears to list <=17.9 as vulnerable with no official patched version available.
I can see 17.9 added output sanitisation, but Wordfence is still advising removal. Can you confirm whether 17.9 fully patches CVE-2026-39451, and if so, are you able to coordinate with Wordfence/Patchstack so they mark the vulnerability as patched?
Thanks
The page I need help with: [log in to see the link]
You must be logged in to reply to this topic.