To anyone reading this, all “vulnerabilities” have been addressed.
However I would like to note that this security vulnerability incident is the result of a scam. I have received 5 emails from separate “companies” this month reporting this same vulnerability, which to be exploited requires an attacker to be logged in to your WordPress dashboard with admin credentials. There are plenty of ways to exploit this vulnerability if an attacker has your WordPress credentials. But since they won’t get anywhere reporting WordPress vulnerabilities, they choose plugins authors. The first few scammers that contacted me wanted money to remove my plugin name from their “report”. The ones who take is as far as this are aiming to get this plugin closed. Assumedly so they can scoop up the users to exploit themselves once the plugin is taken down.
Version 2.10.4 should eliminate scammers contacting me for this “vulnerability”, and there should be no loss in functionality of this plugin.
