Our plugin is sanitized and escaped using WP standard functions and SQL prepare method. We have checked line by line and no where found any vulnerability. Please provide proof of your false accusation.
https://patchstack.com/database/vulnerability/wp-edit-username/wordpress-wp-edit-username-plugin-1-0-4-cross-site-scripting-xss-vulnerability
https://www.cve.org/CVERecord?id=CVE-2023-47528
https://nvd.nist.gov/vuln/detail/CVE-2023-47528
WordFence is also highlighting the plugin has a security vulnerability.
Have you managed to get hold of those at PatchStack?
It does require Adminstration level access, which to be honest is a tadge weird. If I had Admin access to a website, I wouldn’t need to use a hack surely…
Never had any issues with WP Edit Username and something not quite right about this ‘claim’!
The mention of a Cross Site Scripting (XSS) by slavisamonobunt on the https://patchstack.com/ website is incorrect!
On https://patchstack.com/database/vulnerability/wp-edit-username to the right of “Vulnerability history” heading (middle of page) you will see “0 present” text. So this plugin has no vulnerabilities according to the link slavisamonobunt provided.
Maybe slavisamonobunt didn’t understand that this Cross Site Scripting (XSS) vulnerability was already fixed by the plugin author.