scmsteve (@scmsteve)

    Jetpack has flagged this as having a security vulnerability, no details about exactly what it is.

    Any chance it can be patched? This seems very dormant.

    UPDATE: I had an AI security vulnerability scan run on it:

    Security Issue Fixed: CSRF (Cross-Site Request Forgery)

    Severity: HIGH

    Vulnerability: The AJAX endpoint ajax_reordering_terms() had no nonce
    verification. An attacker could craft a malicious webpage that, when visited
    by a logged-in WordPress admin, would silently reorder taxonomy terms without
    their knowledge or consent.

    Changes Made:

    1. scm-wp-term-order.php – Added nonce generation (lines 271-274):

        wp_localize_script( 'term-order-reorder', 'termOrderData', array(
            'nonce' => wp_create_nonce( 'term_order_reorder' ),
        ) );

    2. scm-wp-term-order.php – Added nonce verification in AJAX handler (lines 999-1002):

        if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'term_order_reorder' ) ) {
            die( -1 );
        }

    3. js/reorder.js – Added nonce to both AJAX requests (lines 113, 186):

        nonce: termOrderData.nonce

    4. Additional hardening – Output escaping:
      • Added esc_html() to column value output (line 435)
      • Added esc_attr() to form field value output (line 681)

    The plugin now properly validates that AJAX requests originate from legitimate
    WordPress admin sessions, preventing CSRF attacks.

    • This topic was modified 3 weeks ago by scmsteve. Reason: Update with security info
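The pattern the post describes, a WordPress admin-AJAX handler that trusts the session cookie alone and the same handler once a nonce is required, as an added illustration that is not the plugin's code and not part of the original post. The action name `scm_reorder_terms`, the function names, the `term_order` meta key and the `manage_categories` capability are assumptions chosen for the example; the nonce action `term_order_reorder` and the script handle `term-order-reorder` follow the post but are treated here as placeholders. It also goes one step beyond the post by pairing the nonce with a capability check, since a nonce only proves the request came from a page WordPress rendered for this user, not that the user is allowed to reorder terms.

```php
<?php
/**
 * Added example, not the plugin's own code. All identifiers are assumed for
 * illustration. Shows the CSRF-prone "before" beside a hardened "after".
 */

// BEFORE (vulnerable pattern): admin-ajax.php honours any POST that arrives
// with the victim's session cookie. A form auto-submitted from an unrelated
// site carries that cookie too, so the handler is reachable cross-site.
function scm_example_reorder_terms_unsafe() {
    $order = $_POST['order']; // array of term IDs in their new order
    foreach ( (array) $order as $position => $term_id ) {
        update_term_meta( (int) $term_id, 'term_order', (int) $position );
    }
    die( 1 );
}

// AFTER (hardened): three independent checks, each closing a different gap.
function scm_example_reorder_terms_safe() {
    // 1. CSRF: check_ajax_referer() wraps wp_verify_nonce() for the 'nonce'
    //    POST field and, with its default third argument, dies with -1 when
    //    the field is missing or stale. This is the same check the post adds.
    check_ajax_referer( 'term_order_reorder', 'nonce' );

    // 2. Authorization: any logged-in user who can load an admin page that
    //    prints termOrderData can obtain a valid nonce, so the handler must
    //    still confirm the caller may edit terms (capability is assumed here).
    if ( ! current_user_can( 'manage_categories' ) ) {
        wp_send_json_error( array( 'message' => 'insufficient capability' ), 403 );
    }

    // 3. Input validation: only a registered taxonomy and only integer term IDs
    //    that actually exist in it.
    $taxonomy = isset( $_POST['taxonomy'] ) ? sanitize_key( wp_unslash( $_POST['taxonomy'] ) ) : '';
    if ( ! taxonomy_exists( $taxonomy ) ) {
        wp_send_json_error( array( 'message' => 'unknown taxonomy' ), 400 );
    }
    $order = isset( $_POST['order'] ) ? array_map( 'absint', (array) wp_unslash( $_POST['order'] ) ) : array();

    $reordered = 0;
    foreach ( $order as $position => $term_id ) {
        if ( term_exists( $term_id, $taxonomy ) ) {
            update_term_meta( $term_id, 'term_order', $position );
            $reordered++;
        }
    }
    wp_send_json_success( array( 'reordered' => $reordered ) );
}
// Registered for logged-in users only: no 'wp_ajax_nopriv_' hook, so anonymous
// visitors never reach the handler at all.
add_action( 'wp_ajax_scm_reorder_terms', 'scm_example_reorder_terms_safe' );

// Hand the nonce to the script that issues the request, as item 1 of the post
// does. Restricting the enqueue to the term-list screen keeps the nonce off
// pages that do not need it.
function scm_example_enqueue_reorder_script( $hook ) {
    if ( 'edit-tags.php' !== $hook ) {
        return;
    }
    wp_enqueue_script( 'term-order-reorder', plugins_url( 'js/reorder.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'term-order-reorder', 'termOrderData', array(
        'nonce'   => wp_create_nonce( 'term_order_reorder' ),
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'scm_example_enqueue_reorder_script' );

// The matching request from js/reorder.js would look like this (assumed shape):
//   jQuery.post( termOrderData.ajaxUrl, {
//       action: 'scm_reorder_terms', nonce: termOrderData.nonce,
//       taxonomy: 'category', order: [ 12, 7, 3 ]
//   } );
```

A quick way to confirm the fix is in place is to replay one of the plugin's reorder requests with the `nonce` field removed or altered: the hardened handler answers `-1` with an HTTP 403 from `check_ajax_referer()`, while the original endpoint would have applied the reordering. Doing the same as a low-privilege logged-in user with a valid nonce exercises the capability check, which the nonce alone does not provide.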
