look at the version number, that’s from a year or two ago…
my hosting company pantheon dashboard showing me this warning. The scan is coming from https://wpvulndb.com/plugins/ewww-image-optimizer-cloud. It looks like the vulnerability hasn’t been reported as fixed in more recent versions. I am not sure how that is handled. In the support queue, I am seeing there is no mention of the vulnerability at all. which means I can only assume it has not been addressed.
The vulnerability never existed in the cloud version, and was fixed in version 2.0.2 of the regular version (which was a very long time ago):
= 2.0.2 =
* security: pngout error message properly sanitized to prevent XSS attack
The current changelog doesn’t contain anything that far back, but you can see it in the SVN repo here: https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/readme.txt?rev=995844#L210