Vulerable Javascript Libraries
The support doesn work on Saturdays and Sundays, so some Friday requests can be answered on Monday. If you have problems with registration ask help on contact us page pleaseIf you not got email within 24~36 business hours, firstly check your spam box, and if no any email from the support there - back to the forum and read answer here. DO NOT ANSWER ON EMAILS [noreply@pluginus.net] FROM THE FORUM!! Emails are just for your info, all answers should be published only here.
The support doesn work on Saturdays and Sundays, so some Friday requests can be answered on Monday.
Dear i have made a site for a client recently. after delivering the client sent it through acunetix security check which brought back this alert.
I have now idea how to properly read acunetix results so i would so much appreciate if you can help me to know what should i do here.
Web Server
Alert group Vulnerable JavaScript libraries
Severity Medium
Description
You are using one or more vulnerable JavaScript libraries. One or more vulnerabilities were
reported for this version of the library. Consult Attack details and Web References for more
information about the affected library and the vulnerabilities that were reported.
Recommendations Upgrade to the latest version.
Alert variants
Details
jQuery 1.7.0
URL: //ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js
Detection method: The library's name and version were determined based on the
file's CDN URI.
References:
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
5
GET /wp-content/plugins/wp-meta-data-filter-and-taxonomy-filter/js/tooltipster/ HTTP/1.1
Referer: /wp-content/plugins/wp-meta-data-filter-and taxonomy-
filter/js/tooltipster/
Cookie: wordpress_test_cookie=WP%20Cookie%20check; privacy_embeds=consent
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/92.0.4512.0 Safari/537.36
Connection: Keep-alive
Thank you so much in advance.
Hello
Very strange, this is a very popular library and I doubt this information
In any case, you can update this library on wp-content/plugins/wp-meta-data-filter-and taxonomy-
filter/js/tooltipster/
To get the new version - https://www.heteroclito.fr/modules/tooltipster/ - files in \tooltipster-master\dist\
I am sorry if this is too much asking.
Should i upload the hole folder, cause this files are totally different from mine.
i have uploaded my folder in private data for this topic, how my folder looks. Sorry once again if i am asking too much, i just am new to this. havent updated files directly.
Hello
I passed it to the developer
He will send detailed instructions on how to do this.
Thank you.
Will they be answering today? Cause i have to deliver my work at 14:00 o'clock. Sorry if this sounds rude, that is not my intention, i am just stressed. Thank you once again.
Unfortunately, the developer will not have time to do this today. It has a task queue
Unfortunately, I can't do this either because I need to test the code.
So when will this be done? Just so i know how long do i have to wait?
Hello
I will ask the developer to do this today
Thank you.
Hello
In file - wp-content\plugins\meta-data-filter\core.php - change this code - https://share.pluginus.net/image/i20211005170924.png
$tooltip_theme = self::get_setting('tooltip_theme');
if ($tooltip_theme != 'default') {
wp_enqueue_style('tooltipster_theme', self::get_application_uri() . 'js/tooltipster/css/themes/tooltipster-sideTip-' . $tooltip_theme . '.min.css');
}
wp_enqueue_style('tooltipster', self::get_application_uri() . 'js/tooltipster/css/tooltipster.bundle.min.css');
wp_enqueue_script('tooltipster', self::get_application_uri() . 'js/tooltipster/js/tooltipster.bundle.min.js', array('jquery'));
And and replace this folder - \wp-content\plugins\meta-data-filter\js\tooltipster\
new files - https://drive.google.com/drive/folders/1cDGCNLrWBGsXZOWU09a27OvygzPMYenM?usp=sharing
Thank you so very much. One last question, in meta data filter/js/tooltipster is a index.html located where i was able to locate the 1.7.0 script was being called. will that still be affecting even though we make these changes. or maybe if that was the problem in the beginning. You have the files in Private data for this topic if you want to check that too.
Thank you so much once again for your time and patience. I'll let you know if this fixed the issue cause they are going to scan it with acunetix once again.
hello
Just completely replace the files in the folder.
Dear,
Just wanted to let you know that now everything is perfect. All the alerts have been removed. Thank you so much once again for your time and patience.
Hello
Great! Welcome;)