Most recent update security issue

Hi guys,

We got the email below from Kinsta and we are wondering if you can tell us which files you guys updated to address the security issue so we can locate and review them. Our goal is to make sure that our child theme isn’t overwriting the code you guys made adjustments to in order to deal with the security issue. Thanks!

Hello Aaron,
We are writing you today to notify you about a security vulnerability which was discovered in the Newspaper theme that was detected on one or more of your websites.

https://wpvulndb.com/vulnerabilities/10253

The newspaper theme contains a vulnerability which allows attackers to perform an authenticated, reflected cross-site scripting attack.

This affects versions 10.3.3 and below.

We recommend updating this theme immediately to the latest version.

The following is a list of affected sites we have determined that you currently have access to in MyKinsta.

hoop-ball.com

This vulnerability may exist on both live and staging environments. We recommend that both are checked and updated.

If you have any questions, please feel free to reach out to our Support team.
Thank you for being a Kinsta customer!

The Kinsta Team

Hey there

You can check updated files in the Wordpress theme track: https://themes.trac.wordpress.org/browser/newspaper-x/

Are you guys aware of the vulnerability? We thought if you guys knew why your theme had a security vulnerability, that you could tell us where it is at rather than trudging through all those files and not really knowing where the security vulnerability for your theme was. This is a pretty big deal.

Hey there

From what we know our theme files are not vulnerable, besides this, every theme on wordpress.org is checked by professional theme reviewers from the wordpress.org, if anyone is claiming that theme is vulnerable we will be happy to take this in consideration and we’ll make an immediate update of the theme files, for this we need a detailed report of the vulnerability

Thanks in advance