啶膏啶侧啶?啶啶?啶啶ㄠた啶傕 啶囙え啶灌た啶傕う啷€.REGISTER NOW GET FREE 888 PESOS REWARDS!

(@glaukabazi)

Dear,

Recently i have made a website for a client. After receiving it the client sent it through acunetix security check. which as a result brought back this alert

—— acunetix alert starts here ——

Web Server
Alert group Vulnerable JavaScript libraries
Severity Medium
Description
You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were reported for this version of the library. Consult Attack details and Web References for more information about the affected library and the vulnerabilities that were reported.
Recommendations Upgrade to the latest version.
Alert variants
4
Details
jQuery 3.1.1
URL: https://ajax.googleapis.com/ajax/libs/jquery/3.1.1/jquery.min.js?ver=3.1.1
Detection method: The library's name and version were determined based on the
file's CDN URI.
References:
https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/
https://mksben.l0.cm/2020/05/jquery3.5.0-xss.html
https://jquery.com/upgrade-guide/3.5/
https://api.jquery.com/jQuery.htmlPrefilter/

GET /publikimet/ict/embed/ HTTP/1.1
Referer: /wp-json/oembed/1.0/embed
Cookie: wordpress_test_cookie=WP%20Cookie%20check; privacy_embeds=consent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/92.0.4512.0 Safari/537.36
Connection: Keep-alive

—— the end of acunetix alert ——

So if i am right, my question here should be how to update this jquery. Cause i am not really even understanding what acunetix is requiring here.

Thank you so much in advance guys

The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)

Jacob Peattie
(@jakept)

3 years, 6 months ago
They’re reporting an out of date version of jQuery, but the URL is not the copy of jQuery included with WordPress. You are likely using a theme or plugin that is enqueueing its own version of jQuery. This has been bad practice for a long time, and I don’t believe it’s even allowed in plugins in the plugin repository, so it’s likely a ‘premium’ theme or plugin that’s responsible.

First make sure your theme and all your plugins are up to date, and if that doesn’t resolve the issue, try using a plugin like Query Monitor to check which theme/plugin is responsible for loading this version of jQuery. Once you know, contact the author for assistance in resolving the issue. If you need help identifying the script with Query Monitor, you can try asking in it’s support forum.
- This reply was modified 3 years, 6 months ago by Jacob Peattie.
Thread Starter glaukabazi
(@glaukabazi)

3 years, 6 months ago

This is what i am seeing in page source:

<link rel=”alternate” type=”application/json+oembed” href=”https://localhost/s3/wp-json/oembed/1.0/embed?url=http%3A%2F%2Flocalhost%2Fs3%2F” />

<link rel=”alternate” type=”text/xml+oembed” href=”https://localhost/s3/wp-json/oembed/1.0/embed?url=http%3A%2F%2Flocalhost%2Fs3%2F&format=xml” />

Thread Starter glaukabazi
(@glaukabazi)

3 years, 6 months ago

And can you let me know what is the latest version of this if not 1.0. Thank you very much in advance

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Vulnerable JavaScript libraries’ is closed to new replies.

Vulnerable JavaScript libraries

Tags

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics