Plugin Support
Jasmine
(@hyenokian)
Dear @tippl,
Thank you for your topic.
Regarding the libraries you mentioned, please note that our plugin includes a wide range of functionalities, and updating those libraries without proper testing could potentially cause multiple issues within the plugin.
We regularly cooperate with security-focused plugins such as Wordfence and WPScan when addressing real security concerns. At the moment, there are no active security issues related to our plugin.
The items you referred to are not considered security vulnerabilities. They are simply older versions of libraries, which by themselves do not present an immediate risk.
To better assist you, could you please provide more details about the pen test you mentioned?
- How exactly was the check performed?
- What specific results did it show?
Our development team will also review this, but as mentioned above, your findings should not be treated as security issues.
Thank you.
As this is a public department website, it has been tested for security by the IT service department and may only be published once the issues have been resolved. We failed the test due to these software components.
jQuery.datatables 1.10.23: https://nvd.nist.gov/vuln/detail/CVE-2021-23445
“This constitutes a violation of the administrative regulation, as security patches (including those for third-party products) must be installed immediately.”
bootstrap.js 4.5.3: https://endoflife.date/bootstrap
“According to the information gathered using the means at our disposal, the above-mentioned software is no longer maintained by the manufacturer in the version branch used and, as a result, is no longer provided with security patches. The operation of the web application with the version currently used in the web application is not permitted.”
https://owasp.org/Top10/A06_2021-Vulnerable_and_Outdated_Components/
https://cwe.mitre.org/data/definitions/1104.html
Thanks
Manja
Plugin Support
Jasmine
(@hyenokian)
Dear @tippl,
Thanks for the response and the detailed clarification.
We’re open to implementing such updates in the future. However, we kindly ask for your understanding, as making changes like these requires thorough testing and functional review, and this process takes time.
Since the plugin is currently used by over 20.000+ users, there’s a high chance that such changes could unintentionally cause issues for other users.
As we mentioned in our previous response, the plugin has many features related to them, so even small changes can have effects.
For now, please contact us via this form so our Dev Team can find an alternative solution specifically for your use case. Our Support Team is ready to help you as soon as possible.
Thank you.
Thanks a lot! I will get in touch with the dev team.
Plugin Support
Jasmine
(@hyenokian)
Dear @tippl,
Thanks for the reply.
I want to mention that our Support Specialists have already received and replied to your request via email. So, you can continue the discussion further with them there.
Thank you.