Login

Tag Archives: jQuery UI

7 Mar 2025

WordPress Plugin Review Team Failing to Enforce Rule, Which is Leading to Popular Plugins Containing Vulnerable Libraries

As part of our work to expand the ability for our Plugin Security Scorecard to identify security issues in WordPress plugins, we have been increasing the number of third-party libraries it can detect being used in WordPress plugins and incorporating information on vulnerabilities the developers have disclosed in those. One place we have been doing that work is during security reviews of plugins. That led to us adding detection for the library jQuery UI to the tool and warning if plugins contain a version that has any of four vulnerabilities disclosed by the developer to have existed in older versions. In recent weeks, we have published several posts that partially focused on WordPress plugins that are using known vulnerable versions of the library. Those situations don’t paint a pretty picture when it comes to plugins usage of third-party libraries.

One of the plugins incorporated a vulnerable version of the library nearly 3 years after it was disclosed by the library’s developer to be vulnerable. [Read more]

4 Mar 2025

CleanTalk Claims to Vet WordPress Plugins for Insecure Dependencies While Their Security Plugin Contains Known Vulnerable Library

Last week we posted about the three most popular file manager plugins containing a vulnerable version of the jQuery UI library. The inclusion of the vulnerable version of that library was detected by our Plugin Security Scorecard. None of those plugins have been updated to address that yet, despite us notifying the developers a week ago. Over the weekend, another plugin was checked through the tool and identified to contain a vulnerable version of that. Incredibly, it is a security plugin, Security & Malware scan by CleanTalk:

[Read more]

25 Feb 2025

Popular WordPress File Manger Plugins Contain Third-Party Library With Multiple Vulnerabilities

Last week three WordPress file manager plugins were checked through our Plugin Security Scorecard tool. An issue identified by the tool in each plugin was flagged for us to review. That issue being that the plugin’s contained a known vulnerable library. What was curious was is that each plugin was flagged for the exact same vulnerabilities in the same library. Here is the relevant part of the results for the 1+ million install WP File Manager:

[Read more]

10 Feb 2025

WordPress Plugin Includes Version of Third-Party Library That Was Publicly Known to Be Vulnerable Years Before Plugin Was Even Released

As part of providing a more comprehensive view of the handling of the security of WordPress plugins through our Plugin Security Scorecard tool, we have been expanding the number of third-party libraries it can detect in plugins. If developers of those libraries disclose security advisories on GitHub for those libraries, we incorporate them into the results of the tool as well. Last week we added detection for the jQuery UI JavaScript library. It has already had someone run a plugin through the updated tool that caught the plugin containing a version of a library that contains multiple vulnerability according to the developer:

[Read more]