• Hi there.

    It looks like jquery-ui 1.12.1 is still being used which is causing security alerts with the scanner we’re using. It’d be great if it could be upgraded to either the core WP version of jquery-ui (13.2 currently) or something similar.

    Thanks

    Andy

Viewing 4 replies - 1 through 4 (of 4 total)
  • Thread Starter andyhirdjt

    (@andyhirdjt)

    (I should have added that versions of jquery-ui prior to 13.2 are vulnerable to XSS attacks)

    Plugin Support File Manager Support

    (@filemanagersupport)

    Hi Andy,

    Thank you for reaching out.

    Could you please provide more details about the specific issue you’re experiencing with the file manager? Are these security alerts related to our plugin, or is there another aspect of the file manager that is affected?

    Your clarification will help us assist you more effectively.

    Best,
    WP File Manager Support Team

    Thread Starter andyhirdjt

    (@andyhirdjt)

    Hi there.

    The warnings are around the inclusion of jquery-ui version 1.12.1 by the plugin.

    In the free version it’s in lib/main.default.js : line 11 – the version is set to 1.12.1

    In the pro version it’s in plugins/wp-file-manager-pro/file_folder_manager_pro.php : line 968

    Versions of jquery older than 1.13.2 are vulnerable to a cross-site scripting attack. Here’s the CVE: https://www.cvedetails.com/cve/CVE-2022-31160/

    Plugin Support File Manager Support

    (@filemanagersupport)

    Hi there,

    Thank you for bringing this to our attention.

    We acknowledge your concern regarding the inclusion of jQuery UI version 1.12.1 in our plugin. The specific warnings you mentioned in the free version (lib/main.default.js, line 11) and the pro version (plugins/wp-file-manager-pro/file_folder_manager_pro.php, line 968) are noted.

    We have added this issue to our pipeline and will address it as soon as possible.

    Thank you for your effort and for sharing the details with us.

    Best,
    WP File Manager Support Team
