Title: Plugin using vulnerable Moment.js lib
Last modified: April 12, 2023

---

# Plugin using vulnerable Moment.js lib

 *  Resolved Anonymous User
 * (@anonymized-20871082)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/plugin-using-vulnerable-moment-js-lib/)
 * As i use this plugins i run a vulnerability test and i got info that Moment.js
   that is 2.22.2 is used in this plugin and it has a a bug in it 
   just a short 
   info.In September 2020, a critical security vulnerability was discovered in Moment.
   js versions 2.18.0 through 2.24.0, which allowed attackers to execute arbitrary
   code on a user’s computer when parsing a maliciously crafted date string.Can 
   it be updated?

Viewing 4 replies - 1 through 4 (of 4 total)

 *  [Prashant Rai](https://wordpress.org/support/users/prashantrai/)
 * (@prashantrai)
 * [3 years, 1 month ago](https://wordpress.org/support/topic/plugin-using-vulnerable-moment-js-lib/#post-16649260)
 * Hey @montifit – Thanks for reaching out!
 * We’ve notified our developers about this issue and plan to address it by updating
   the library in an upcoming version of the plugin. However, there’s no need to
   worry as the library is only used by administrators in the site and plugin admin
   area, so regular site visitors won’t be able to cause any harm. Additionally,
   the date processed by moment.js is not stored in the database, which means that
   the code can only be executed on the attacker’s computer.
 * Kindly,
 *  [Prashant Rai](https://wordpress.org/support/users/prashantrai/)
 * (@prashantrai)
 * [3 years ago](https://wordpress.org/support/topic/plugin-using-vulnerable-moment-js-lib/#post-16804767)
 * Hey @montifit – Thanks for the your patience!
 * When you have sometime, can you please update the WPForms lite to the latest 
   version **1.8.2.1** which should fix the issue that you were facing?
 * Please let me me know how it goes.
 * Kindly,
 *  Thread Starter Anonymous User
 * (@anonymized-20871082)
 * [2 years, 12 months ago](https://wordpress.org/support/topic/plugin-using-vulnerable-moment-js-lib/#post-16805964)
 * Yes, it looks like all is ok
 *  [Prashant Rai](https://wordpress.org/support/users/prashantrai/)
 * (@prashantrai)
 * [2 years, 12 months ago](https://wordpress.org/support/topic/plugin-using-vulnerable-moment-js-lib/#post-16807503)
 * Hey @montifit – We’re thrilled to hear that the issue is resolved now, and thanks
   for letting us know. For now, I’m going to close the ticket, but if you have 
   any questions, please feel free to reach out.
 * Kindly,
    -  This reply was modified 2 years, 12 months ago by [Prashant Rai](https://wordpress.org/support/users/prashantrai/).

Viewing 4 replies - 1 through 4 (of 4 total)

The topic ‘Plugin using vulnerable Moment.js lib’ is closed to new replies.

 * ![](https://ps.w.org/wpforms-lite/assets/icon.svg?rev=3254748)
 * [WPForms - Easy Form Builder for WordPress - Contact Forms, Payment Forms, Surveys, & More](https://wordpress.org/plugins/wpforms-lite/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/wpforms-lite/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/wpforms-lite/)
 * [Active Topics](https://wordpress.org/support/plugin/wpforms-lite/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/wpforms-lite/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/wpforms-lite/reviews/)

 * 4 replies
 * 2 participants
 * Last reply from: [Prashant Rai](https://wordpress.org/support/users/prashantrai/)
 * Last activity: [2 years, 12 months ago](https://wordpress.org/support/topic/plugin-using-vulnerable-moment-js-lib/#post-16807503)
 * Status: resolved