Plugin jquery version is security risk!

  • Resolved dave8441

    (@dave8441)


    4 years, 3 months ago

    When checking my webpage in Lighthouse, it reports this issue:

    Includes front-end JavaScript libraries with known security vulnerabilities 1 vulnerability detected
    Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers. Learn more.
    Library Version
    jQuery [email protected].4
    Vulnerability Count: 1
    Severity: High

    Will this be fixed?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    There is nothing to fix.

    The version of JQuery shipped with WordPress is secure. All current security patches have been backported to it. Note that the next version of WP will have an updated version of jQuery! (Also secure.)

    Thread Starter dave8441

    (@dave8441)

    Thank you for your reply, but I am not referring to WordPress. The problem is with the WooCommerce Advanced Extra Fees Lite plugin, and that is why I posted this in their support forum. When I deactivate this plugin, the warning message in Lighthouse goes away. I hope they can fix it. Otherwise, I will have to find a different plugin.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    As far as I can tell, this plugin does not include any versions of jQuery or jQuery-UI and uses what’s provided by WP core.

    Thread Starter dave8441

    (@dave8441)

    Then I am at a loss here to explain the warning message. Maybe the developers can offer some ideas.

    Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    It’s a false positive. It looks only at the version number.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Plugin jquery version is security risk!’ is closed to new replies.