• Resolved gauravintg

    (@gauravintg)


    One of my client's websites uses the Getwid plugin and it's hosted on WPEngine. A security scan reported the below vulnerability. Kindly fix the same and provide the updated plugin.

     Getwid has a known vulnerability that may be affecting this version.
    – < 2.1.12
    This plugin is closed. Please replace it with another.
    Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’)
    The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
    Global score: 6.4 / 10
    Severity: Medium
    [+] CVE-2024-5020
    [+] Multiple Plugins <= (Various Versions) – Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via FancyBox JavaScript Library
    [+] WordPress Getwid – Gutenberg Blocks Plugin <= 2.0.11 is vulnerable to Cross Site Scripting (XSS)
    • This topic was modified 10 months, 1 week ago by gauravintg.
Viewing 3 replies - 1 through 3 (of 3 total)
  • @gauravintg I checked the version at WPVulnerability and it is now fixed. It was a typo with the version. Affected versions are < 2.0.12 and not < 2.1.12.

    Thread Starter gauravintg

    (@gauravintg)

    I am still seeing this warning in my WP dashboard. Can you please let me know how it will be removed?

    Plugin Support Eugene White

    (@eugenewhite)

    Hello @gauravintg,

    I would like to clarify that our Getwid plugin is not closed and doesn’t have any known vulnerability issues. As Javier pointed out, there is a typo in your vulnerability report since the latest version of the plugin is 2.1.1. So I recommend that you ensure you have the latest version of the plugin installed. If you still have concerns, please try using a different vulnerability scanning solution to rule out a potential false alarm.
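
The version mismatch discussed in this thread, as an added example that is not part of the original posts or of the Getwid project's code: a small Python check of an installed version against the affected ranges quoted above, showing that 2.1.1 matches the mistyped `< 2.1.12` but not the corrected `< 2.0.12`. The function names are hypothetical, and the sketch assumes purely numeric dotted versions and only the `<` and `<=` operators that appear in the report.

```python
import re

def parse_version(text):
    """Turn '2.0.12' into (2, 0, 12) so parts compare as numbers, not strings."""
    return tuple(int(part) for part in text.strip().split("."))

def compare(a, b):
    """Return -1, 0 or 1; the shorter tuple is padded with zeros (2.1 == 2.1.0)."""
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return (a > b) - (a < b)

# Only the operators that occur in the scan report are supported.
OPS = {"<": lambda c: c < 0, "<=": lambda c: c <= 0}
CONSTRAINT = re.compile(r"\s*(<=|<)\s*([0-9]+(?:\.[0-9]+)*)\s*")

def is_affected(installed, constraint):
    """True if `installed` falls inside an affected range such as '< 2.0.12'."""
    match = CONSTRAINT.fullmatch(constraint)
    if not match:
        raise ValueError(f"unsupported constraint: {constraint!r}")
    op, bound = match.groups()
    return OPS[op](compare(parse_version(installed), parse_version(bound)))

def triage(installed, constraints):
    """Map each advisory range to whether the installed version matches it."""
    return {c: is_affected(installed, c) for c in constraints}

# Ranges quoted in the thread: the mistyped one, the corrected one,
# and the one from the third advisory line.
RANGES = ["< 2.1.12", "< 2.0.12", "<= 2.0.11"]

if __name__ == "__main__":
    # 2.1.1 is the latest version named in the thread; 2.0.11 is the last
    # version inside the corrected range, used here for contrast.
    for version in ("2.1.1", "2.0.11"):
        print(version, triage(version, RANGES))
```

Comparing the parts as integers matters: as plain strings, "2.0.9" sorts after "2.0.12", so a string comparison would miss an affected install.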

The topic ‘Vulnerability warning’ is closed to new replies.