WordPress 5.2.1 Incompatible with PCI Compliance in Q2 of 2019

  • Our Payment Processor’s ASV Qualays has just stated WordPress 5.2.1 cannot obtain PCI Compliance due to End-of-Life jquery being used regardless that WordPress utilizes a custom implementation of jquery 1.4, specifically stating the ONLY way to achieve compliance is to

    You will need to upgrade your jQuery to 3.4.0 and then confirm those changes with a rescan.

    Um Houston, we have a problem the site is and has been an active eCommerce store for 5+ years built completely around WordPress and has obtained PCI Compliance for each previous quarter.

    • This topic was modified 5 years, 5 months ago by libertytalk.
    • This topic was modified 5 years, 5 months ago by libertytalk.
    • This topic was modified 5 years, 5 months ago by libertytalk.
    • This topic was modified 5 years, 5 months ago by libertytalk.
    • This topic was modified 5 years, 5 months ago by libertytalk.
    • This topic was modified 5 years, 5 months ago by libertytalk.
    • This topic was modified 5 years, 5 months ago by libertytalk.
    • This topic was modified 5 years, 5 months ago by Jan Dembowski.
Viewing 4 replies - 1 through 4 (of 4 total)
  • Josh Feck

    (@builtbynorthby)

    Hi,

    What you can do is add a plugin like the jQuery Manager plugin
    ( https://www.ads-software.com/plugins/jquery-manager/ )
    which allow you to use jQuery 3.4.0 on your website to help with the PCI compliance.

    Then, after this ticket is complete and included in a release you can remove the plugin.

    Thread Starter libertytalk

    (@libertytalk)

    Awesome-sauce, will give it a go, re-scan, and keep fingers crossed it doesn’t bork up a functioning ecommerce site.

    Thank you.

    Josh Feck

    (@builtbynorthby)

    You’ll do well to test the ecommerce functionality, and anything else from the theme or plugins that uses the jQuery library because there can be some breaking changes when updating to jQuery 3.

    @libertytalk Hey there! For my knowledge, are you capturing payment card data within a form that is found directly on the client’s webpage that is then being redirected to a third party shopping cart for processing or being sent directly to the client’s processor? Let me know. For my understanding.

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘WordPress 5.2.1 Incompatible with PCI Compliance in Q2 of 2019’ is closed to new replies.