• Resolved webgyrl

    (@webgyrl)


    Hi! I wonder if anyone knows anything about this.

    I had a site hacked and as we ran scans, my partner noticed this on all the sites we have JetPack installed:
    wp-content/plugins/jetpack/modules/widgets/google-translate.php
    Script version check [OLD] [Google Translate Widget for WordPress.com v0.1 < v5.4]

    Does anyone know if this is legit or something I should be wary of? Why is the version number so low?

    JetPack is a great set of tools but that old version could be a liability. Unless there is something I am not understanding about this particular bundle for JetPack.

    Any ideas or thoughts?

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Jeremy Herve

    (@jeherve)

    Jetpack Mechanic

    I’m not quite sure what “v5.4” refers to here. Jetpack’s Google Translate Widget never used that version number: it was always set to 0.1. You can see the code here:
    https://github.com/Automattic/jetpack/blob/5.4/modules/widgets/google-translate.php#L2-L9

    I wonder if your security scanning tool may get confused by the file headers on that file; such file headers are usually used to specify plugin information but in this case the widget is only one widget inside a bigger plugin, Jetpack. Since Jetpack’s current version is 5.4, I think that’s probably what’s happening:
    https://github.com/Automattic/jetpack/blob/5.4/jetpack.php#L3-L12

    Could you contact the developer of your security scanner plugin and ask them to take a look, and see if they can ignore plugin headers inside other plugins to avoid false positives like this one? Do not hesitate to refer them to this thread if they have additional questions.

    As per your original question, you can rest assured: there is no known vulnerability in the Google Translate Widget in Jetpack today.

    Thread Starter webgyrl

    (@webgyrl)

    Hi there Jeremy,

    Thanks so much for the answer. Makes total sense and I will pass the info along.

    I really appreciate your speedy reply!

  • The topic ‘Vulnerability in Google Translate Plugin in JetPack?’ is closed to new replies.
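
An added example, not part of the original thread and not code from Jetpack or from any scanner: a sketch of how a version check can skip plugin-style headers found in files nested inside a larger plugin, which is the false positive described in the reply above. The function names, the `latest` lookup table and the sample header text are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Same idea as WordPress's header matching: "Field: value" on a comment line.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)

def parse_headers(source):
    """Read header fields from the first 8 KiB, as WordPress does."""
    fields = {}
    for key, value in HEADER_RE.findall(source[:8192]):
        fields.setdefault(key.lower(), value.strip())
    return fields

def is_main_plugin_file(rel_path):
    """WordPress only looks for plugin headers in plugins/ itself and one
    directory below it; anything deeper is a component, not a plugin."""
    return rel_path.endswith(".php") and len(PurePosixPath(rel_path).parts) <= 2

def as_tuple(version):
    return tuple(int(n) for n in re.findall(r"\d+", version))

def version_findings(files, latest):
    """files: {path relative to wp-content/plugins: source text}
    latest: {top-level directory or file name: newest known version}
    Returns (outdated, ignored)."""
    outdated, ignored = [], []
    for rel_path, source in sorted(files.items()):
        fields = parse_headers(source)
        if "plugin name" not in fields:
            continue
        if not is_main_plugin_file(rel_path):
            ignored.append(rel_path)  # nested header: never compare its version
            continue
        slug = PurePosixPath(rel_path).parts[0]
        have, newest = fields.get("version", "0"), latest.get(slug)
        if newest and as_tuple(have) < as_tuple(newest):
            outdated.append((slug, have, newest))
    return outdated, ignored

# Constructed sample headers; the names and versions follow the thread.
SAMPLE = {
    "jetpack/jetpack.php":
        "<?php\n/*\n * Plugin Name: Jetpack by WordPress.com\n * Version: 5.4\n */\n",
    "jetpack/modules/widgets/google-translate.php":
        "<?php\n/**\n * Plugin Name: Google Translate Widget for WordPress.com\n * Version: 0.1\n */\n",
}

if __name__ == "__main__":
    print(version_findings(SAMPLE, {"jetpack": "5.4"}))
```

With the sample input the widget file is listed as ignored rather than reported as "v0.1 < v5.4", while a genuinely outdated `jetpack/jetpack.php` would still be reported.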