• Resolved adagio_aw

    (@jsunyer)


    Hi,

    I have recently come across a significant security vulnerability involving the polyfill.io CDN, which has reportedly compromised over 100,000 websites. This vulnerability involves the injection of malicious code that could potentially steal sensitive information from users.

    Given this issue, I am concerned about the usage of polyfill.js in the Photonic plugin. Could you please confirm if the Photonic plugin uses polyfill.io in any of its code or dependencies? If so, are there any steps being taken to mitigate this vulnerability and ensure the security of websites using the Photonic plugin?

    Thank you for your assistance.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Sayontan Sinha

    (@sayontan)

    Photonic does not use polyfill.io. For critical vulnerabilities, the WP Plugin team notifies plugin authors using impacted scripts.

    Plugin Author Sayontan Sinha

    (@sayontan)

    Note that the issue is with the usage of a CDN – the bad actors compromised the file directly on the CDN. All across Photonic, there is no use of CDNs, so the issue doesn’t touch Photonic.

    Thread Starter adagio_aw

    (@jsunyer)

    Thank you for the clarification. I suspected as much from my code review, but I wanted to be sure. Your confirmation is very helpful.
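The kind of code review mentioned in this thread can be automated for any plugin directory. The following is an added example, not part of the original thread and not Photonic's code: it lists every external host referenced in a plugin's source files and flags the `polyfill.io` domain named above, including subdomains and protocol-relative URLs. The function names, the file-extension list and the sample plugin tree in `demo()` are constructed for illustration.

```python
import os
import re
import tempfile
from collections import defaultdict

SCAN_EXT = {".php", ".js", ".html", ".htm", ".css"}  # assumed set of source types
FLAGGED = {"polyfill.io"}  # the CDN domain named in this thread
# Absolute (http/https) and protocol-relative (//host/...) URLs; group 1 is the host.
URL_RE = re.compile(r"(?:https?:)?//((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def is_flagged(host):
    """True for a flagged domain or any subdomain of it, not for lookalikes."""
    return any(host == d or host.endswith("." + d) for d in FLAGGED)

def scan_plugin(root):
    """Map each external host referenced under root to [(file, line_no), ...]."""
    hits = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCAN_EXT:
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    for m in URL_RE.finditer(line):
                        rel = os.path.relpath(path, root).replace(os.sep, "/")
                        hits[m.group(1).lower()].append((rel, no))
    return dict(hits)

def flagged_refs(root):
    """Only the references that point at a flagged domain."""
    return {h: locs for h, locs in scan_plugin(root).items() if is_flagged(h)}

def demo():
    """Run the scan over a small constructed plugin tree (not Photonic's code)."""
    files = {
        "plugin.php": "<?php\nwp_enqueue_script('pf', 'https://cdn.polyfill.io/v3/polyfill.min.js');\n",
        "js/front.js": "var s = '//polyfill.io/v3/polyfill.js';\nvar ok = '/wp-content/local.js';\n",
        "js/other.js": "var x = 'https://polyfill.io.example.com/p.js'; // lookalike host\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return flagged_refs(root)

if __name__ == "__main__":
    for host, locs in sorted(demo().items()):
        print(host, locs)
```

`scan_plugin()` returns all external hosts, so the same output also shows whether a plugin loads anything from a CDN at all, which is the broader point made in the second reply.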
