False Positive - Jetpack Flags Internal Carousel Block Plugin Vulnerability

Jetpack is reporting the `carousel` plugin as vulnerable on several partner sites, see zd-10568438 and zd-10567265. 

> Vulnerable Plugin: carousel (version 0.1.1)

I can see it's still not _officially_ added to this repo, but it's being used on the sites mentioned in the tickets above. 

- PR: https://github.com/a8cteam51/special-projects-blocks-monorepo/pull/49

**What's happening:**  
- The custom Gutenberg block plugin uses the `carousel` slug, which is also used by another plugin on WordPress.org that genuinely has a vulnerability for all versions < 1.8 ([WPScan ref](https://wpscan.com/plugin/carousel/)).
- Team51's `carousel` plugin is way below that version number and, because it shares the same slug, Jetpack is flagging it as vulnerable. 


**Suggested fix**:

- Not sure if it'll introduce other side effects, but updating the plugin slug should do it.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

False Positive - Jetpack Flags Internal Carousel Block Plugin Vulnerability #115

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

False Positive - Jetpack Flags Internal Carousel Block Plugin Vulnerability #115

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions