Outdated jQuery Version (1.12.4) with Known Vulnerabilities | ww.wp.xz.cn

Resolved Jose Mortellaro
(@giuse)

8 months, 3 weeks ago

Hello,

In your plugin, you are using a very old version of jQuery. Please check the file vendor/tubalmartin/cssmin/gui/third-party/jquery-1.12.4.min.js.
This version dates back to 2016 and is also flagged for known vulnerabilities, as it predates v3.4.0.. Please, check CVE-2019-11358 for details.

Would it be possible to fix this security issue?

Thank you in advance, and have a great day!

Jose

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Support Damilare
(@deabiodun)

8 months, 3 weeks ago

Hi Jose!
Thanks for raising this. However, please note that the jQuery file you’ve referenced is part of the resources of a publicly available composer package named tubalmartin/cssmin, which is not maintained by us.

In addition, we do not use that jquery file, so its presence in that package does not mean much.

However, I’ll reach out to our development team to have a look.

Thanks once again for your submission.

Kind regards.
Thread Starter Jose Mortellaro
(@giuse)

8 months, 3 weeks ago
Honestly, it’s not a big problem for me, but please be aware that security systems may flag the issue, and whoever manages the site might decide to replace your plugin with another one. As far as I’m concerned, you can close the thread. I just wanted to give you a heads-up.

Best regards

Jose
- This reply was modified 8 months, 3 weeks ago by Jose Mortellaro.
Plugin Support Damilare
(@deabiodun)

8 months, 3 weeks ago

Thanks for the notice.

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Outdated jQuery Version (1.12.4) with Known Vulnerabilities’ is closed to new replies.

3 replies
3 participants
Last reply from: Damilare
Last activity: 8 months, 3 weeks ago
Status: resolved