Lodash Vulnerabilities

  • as Im auditing on a pentest the actual Website with WordPress, theme, plugins etc. which are are all up to date I’m getting those messages that Lodash, jquery, core.js and jquery Migrate is old. not a really known issue but still pretty old, especially Lodash.

    I talked to the theme editor from Astra theme as we’re using a child theme and they told us to get in touch with you can you help out?

    see image
    https://ibb.co/9wqJqr0

Viewing 5 replies - 1 through 5 (of 5 total)

  • What version of WP are you on. In the current WP version 6.2.2 Lodash.js bundled with WP is 4.17.21

    If your WP is up to date then something is not right – either with your scan or possibly another plugin or theme is bundling an old Lodash ( you really need the full path to see )



    Thread Starter philkmu

    (@philkmu)

    Hello, thx for the quick answer. Well how can i check this? is it written inside a file probably?

    this is a screenshot

    https://ibb.co/jHsbcqq

    • This reply was modified 1 year, 3 months ago by philkmu.

    Same way I did, search for the file and read the version number. The beauty of open source.

    Thread Starter philkmu

    (@philkmu)

    did you see the image? what to do now?

    the image shows a comment but not enough to see version. read further down about 5 lines to see the actual version number

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Lodash Vulnerabilities’ is closed to new replies.

Tags