I have been using the Ad Invalid Click Protector (AICP) plugin for a while on my wordpress and now classicpress sites.
The version I was using 1.2.3 was not updated as recent versions cannot be used under Classicpress according to ClassicPress.
Now there is a vulnerability in the version I was using.
According to the developer on their github they are not using anything that would make the plugin wordpress only, but I’m guessing they must be using new api calls and on wordpress it says 5.0 minimum so that would be it.
Can someone please help them ensure the plugin can be compatible with ClassicPress?
I am not a real dev, but if the plugin states support for WP 5 and higher, chances are they are using some function that is available from that version of WP. This means they will have to include a check in the plugin allowing for two different functions to work (the function checks if it is WP or CP, then executes the right code that is specific for the CMS to do the job).
I assume they can do that because from your description it seems they bumped the required WP version recently.
So they have to just add in the function to check what CMS is the plugin installed on and provide in the plugin the code to work with CP and the code for blocks to be used when installed on WP. That way they can also make sure that the plugin is up-to-date security-wise.