• Resolved Marcus

    (@marcusjpickering)


    Are there any plans to update the bundled JavaScript libraries? We had outdated versions of moment.js and jquery-validation in the Forminator plugin flagged during a recent penetration test.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Nebu John – WPMU DEV Support

    (@wpmudevsupport14)

    Hi @marcusjpickering,

    Hope you are keeping well and thank you for reaching out to us.

    In most instances, these results are inaccurate. This discrepancy arises because we consistently apply security patches to our products. However, in certain cases, the version number remains unchanged, causing these tools to incorrectly indicate the presence of a vulnerability.

    Nonetheless, we treat security with utmost seriousness. Could you kindly provide the details of the test and its results so that we can thoroughly examine the situation?

    You can email us the details to [email protected] using the following template.

    Subject: ATTN: WPMU DEV support - wp.org
    
    Please send:
    – Vulnerability details
    – Link back to this thread for reference (https://ww.wp.xz.cn/support/topic/outdated-js-libraries-moment-and-jquery-validation/)
    – Any other relevant URLs/info

    To ensure that your email doesn’t go unnoticed, please notify us here after you’ve submitted the form. Make sure to use “ATTN: WPMU DEV support – wp.org” as the subject of the email.

    Kind Regards,
    Nebu John

    Plugin Support Amin – WPMU DEV Support

    (@wpmudev-support2)

    Hello @marcusjpickering,

    We haven’t received any message from you for 8 days, so I will go ahead and mark this topic as resolved.

    If you want to get back to this subject, go ahead and reopen it.

    Kind regards,
    Kasia

    Thread Starter Marcus

    (@marcusjpickering)

    Thank you for the response and apologies for the delay due to holidays.

    I’ve submitted details of the identified vulnerabilities to the email address as requested.

    Hi @marcusjpickering

    We have passed your data to our Forminator developers. Thank you for your patience while we look into this further.

    Kind Regards,
    Kris

    Hi @marcusjpickering

    As mentioned in email conversation:

    This vulnerability shouldn’t be a “big deal” in case of Forminator because JS is not the only method used for input validation – so even if the library allows some arbitrary input that may possibly be malicious, it should be further sanitized anyway by plugin’s code.
    However, it still is a vulnerability of course. We already have a plan to update the library so it will be addressed. Next version should contain update for that.

    I will mark this thread as resolved now.

    Kind Regards,
    Kris
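
One way to triage the kind of finding discussed in this thread, as an added example that is not part of the original posts or the plugin's code: it reads the version banner a scanner keys on and compares the bundled file with the pristine upstream file for that version, so a copy patched without a version bump shows up as modified rather than stock. The banner patterns are assumptions about the two libraries' header comments, and the file contents are constructed samples.

```javascript
// Banner patterns (assumed header-comment formats) for the two
// libraries named in the thread.
const BANNERS = [
  { lib: 'moment', re: /^\/\/! version : (\d+\.\d+\.\d+)/m },
  { lib: 'jquery-validation', re: /jQuery Validation Plugin (?:- )?v(\d+\.\d+\.\d+)/ },
];

// Return the library name and the version its banner claims, or null.
function readBanner(source) {
  for (const { lib, re } of BANNERS) {
    const m = re.exec(source);
    if (m) return { lib, version: m[1] };
  }
  return null;
}

// Normalise line endings and trailing whitespace so a CRLF checkout
// is not mistaken for a code change.
function normalise(source) {
  return source.replace(/\r\n/g, '\n').split('\n').map((l) => l.trimEnd());
}

// Compare the bundled copy with the upstream file for the claimed version.
// 'stock-upstream': the version-based finding applies to this copy.
// 'modified-review-diff': the version alone does not settle it; read the
// listed lines to see whether they contain the relevant fix.
function triage(bundled, upstream) {
  const banner = readBanner(bundled);
  if (!banner) return { verdict: 'unknown-library', changed: [] };
  const a = normalise(bundled);
  const b = normalise(upstream);
  const changed = [];
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    if (a[i] !== b[i]) changed.push(i + 1); // 1-based line numbers
  }
  const verdict = changed.length === 0 ? 'stock-upstream' : 'modified-review-diff';
  return { ...banner, verdict, changed };
}

// Constructed samples: a placeholder "upstream" file and a bundled copy
// with one changed line and Windows line endings, banner left untouched.
const UPSTREAM = ['//! moment.js', '//! version : 0.0.1',
  'function parse(s) { return new Date(s); }'].join('\n');
const PATCHED = UPSTREAM
  .replace('return new Date(s);', 'if (s.length > 64) return null; return new Date(s);')
  .replace(/\n/g, '\r\n');

console.log(triage(UPSTREAM, UPSTREAM), triage(PATCHED, UPSTREAM));
```

A `modified-review-diff` verdict only says the file differs from upstream; whether the changed lines actually address the reported issue still has to be read from the diff.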


The topic ‘Outdated JS libraries – moment and jquery-validation’ is closed to new replies.