Viewing 1 replies (of 1 total)
  • Plugin Contributor Savvas

    (@savvasha)

    Hi @colbi

    The development team is currently reviewing this report. Their initial assessment is that it is most likely a false positive, as the report history indicates that it was originally submitted in February 2026 and approved for publication in July 2026 (see screenshot below).

    In the meantime, the plugin has received multiple updates, including a security patch that appears to address the issue described in the Patchstack report.

    Nevertheless, based on the details provided in the Patchstack report, exploiting this vulnerability would require an attacker to already have administrator-level access to the site. Therefore, the potential impact is considered to be very limited, if none.

    Thanks,
    Savvas

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.