Title: Security Warning Last modified: July 18, 2023 --- # Security Warning * Resolved [Chuckie](https://wordpress.org/support/users/ajtruckle/) * (@ajtruckle) * [2 years, 9 months ago](https://wordpress.org/support/topic/security-warning-18/) * My domain provider one.com just informed me by email (with above link) about high security issue with Shortcodes Ultimate. * Please advise. * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fsecurity-warning-18%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 10 replies - 1 through 10 (of 10 total) * Plugin Author [Vova](https://wordpress.org/support/users/gn_themes/) * (@gn_themes) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16911337) * The issue was fixed in 5.13.1. Please install the latest update. * The information at patchstack is invalid. * Thread Starter [Chuckie](https://wordpress.org/support/users/ajtruckle/) * (@ajtruckle) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16911459) * Maybe flag it to them then ? We we have messages showing. * [dsawyers](https://wordpress.org/support/users/dsawyers/) * (@dsawyers) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16912572) * WPMU Dev Defender is also showing is a vulnerability issue, probably because all the malware scanners use the same vulnerability databases/API. * WordPress Shortcodes Ultimate plugin <= 5.13.1 – Reflected Cross Site Scripting( XSS) vulnerability * -Vulnerability type: Cross Site Scripting (XSS) -No Update Available * Thread Starter [Chuckie](https://wordpress.org/support/users/ajtruckle/) * (@ajtruckle) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16912795) * Yeah. I get the same. Already have latest version. * Plugin Author [Vova](https://wordpress.org/support/users/gn_themes/) * (@gn_themes) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/page/2/#post-16914340) * I’ve contacted Patchstack today. Their chatbot have promised that they will reply on Monday. I hope they will fix this asap. * Please don’t worry. Freemius rep. contacted me about two weeks before the report was published, so this wasn’t a surprise. It was a big collective update of all Freemius-based plugins. * I’m sure the Patchstack’s report will be fixed soon. Anyways, if they won’t update the report, I will publish a new version of the plugin just to eliminate those false-positives. * [Sancoale Technologies](https://wordpress.org/support/users/sancoale/) * (@sancoale) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16917252) * Even i am getting the following warning from iThemeSecurity, even though i have the latest version of the plugin – Scheduled site scan report: Vulnerable Software * Known Vulnerabilities - [WordPress Shortcodes Ultimate plugin <= 5.13.1 – Reflected Cross Site Scripting (XSS) vulnerability](https://itsec-site-scanner.ithemes.com/vulnerability-details/djIubG9jYWwuNUV3NHltVGVxUjU5REJZeklfeHRzUDMyZmQ2R3c1dFF3d1VJTVNlbmpjTjAwZTkwSG1DeEZXSG9jUXc1RVdHelFsN1NMNzgwNlVvRzIybmxMdl9Rc1FuaDJOWkxXM3VPa1pRNVZFYmk0UVExTVMtVDRvRFBCdXVnLU1RanlqN2x2b2hFeDRfTWpOWVNSaWlwY0RVd1FKS3d1ZFhxamdLVmFIa3R0c2RIcEdsMUFwSzgyWVBFS2FxU3FCT1hWb1J4R0lkQjlhQXdFRGtqUzlNTXI1eURMUFVNaFBSU0tXTnBNVF9ZcUdWSEZoTXMzU2JzVGZPUkd5bDlSQ1VWOXlFejNiUkkxWDZwdmtKekVFVjZTYnpMTFlRSWxXbTZjQUdJSEhjSzc3NTFudDVDUUJ1a2s5cTZjU1NzNVFnc3F4UkY2b3gtdFJ6dHZMcWdrSnRYNjR0UlFuQjFRNjI5WHhaSVVHS191NzhFa0wwaHh0QXBEamQ5VWpKV29BTTBaSU9hVnAydQ%253D%253D) * [lanainord](https://wordpress.org/support/users/lanainord/) * (@lanainord) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16919367) * Hello, I still have this problem. What to do? * Plugin Author [Vova](https://wordpress.org/support/users/gn_themes/) * (@gn_themes) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16920651) * Well, it seems Patchstack’s support decided not to respond. * I’m releasing a new version (5.13.2) to suppress security alerts. This should solve the issue. * Thread Starter [Chuckie](https://wordpress.org/support/users/ajtruckle/) * (@ajtruckle) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/#post-16921514) * Thank you. * [daphnetalbot](https://wordpress.org/support/users/daphnetalbot/) * (@daphnetalbot) * [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/page/2/#post-16924499) * Thank you for releasing the update and working on getting this cleared up. I have been updating my sites since yesterday. I use PLESK and their WordPress Tool kit is showing that the 5.13.2 shows a vulnerability. erg. Thought you should know. sorry. Viewing 10 replies - 1 through 10 (of 10 total) The topic ‘Security Warning’ is closed to new replies. * ![](https://ps.w.org/shortcodes-ultimate/assets/icon-256x256.gif?rev=2547563) * [WP Shortcodes Plugin — Shortcodes Ultimate](https://wordpress.org/plugins/shortcodes-ultimate/) * [Frequently Asked Questions](https://wordpress.org/plugins/shortcodes-ultimate/#faq) * [Support Threads](https://wordpress.org/support/plugin/shortcodes-ultimate/) * [Active Topics](https://wordpress.org/support/plugin/shortcodes-ultimate/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/shortcodes-ultimate/unresolved/) * [Reviews](https://wordpress.org/support/plugin/shortcodes-ultimate/reviews/) ## Tags * [warning](https://wordpress.org/support/topic-tag/warning/) * [xss](https://wordpress.org/support/topic-tag/xss/) * 17 replies * 6 participants * Last reply from: [daphnetalbot](https://wordpress.org/support/users/daphnetalbot/) * Last activity: [2 years, 8 months ago](https://wordpress.org/support/topic/security-warning-18/page/2/#post-16924499) * Status: resolved