Moving my clients to another plugin that won’t trigger these warnings.
I agree with @jane-blonde’s suggestion. @littlerchicken, could you please address this? As you can see from the support forum for your plugin, many users are concerned about this.
The specific replication steps were addressed in the 3.3.0 release, but the Patchstack reporter requested further changes. I’ve made those and have submitted them for review and am awaiting a reply.
Specifically, the vulnerability reported exists in a low-level user submitting a draft with the shortcode, not with the default buttons output.
I will try to reach out to Patchstack again–I apologize for the frustration and delay on this.
My apologies for the delay. I’ve just released 3.3.1 with a confirmed fix.