Jan 2017
3 / 3
Jan 2017
Jan 2017
solmn
Jan '17

Hello.

We believe that e-Junkie is using JQuery UI 1.12.0. Is this correct? If so, when will it be updated to version 1.12.1?



We ask because we recently had a security analysis performed on our WordPress-based website. Part of the result was as follows:



JQuery is a JavaScript library with a set of GUI widgets used with WordPress. JQuery UI is an app within the JQuery library. Hackers will assume the WordPress web server has installed the JQuery library and attack the known software deficiencies in older versions. JQuery UI 1.12.0 has the following issues:

• Memory leak and bad performance for managed classes on transient elements

• instance() should return undefined for empty sets

Memory leaks usually are a sign of information left in a state where information may be used inadvertently by another process.



See:

• https://code.jquery.com/ui/

• https://jqueryui.com/changelog/1.12.1/



Please let us know if e-Junkie is using out-of-date and vulnerable JQuery UI 1.12.0. Thank you.

  • created

    Jan '17

  • last reply

    Jan '17
  • 2

    replies

  • 1.5k

    views

  • 2

    users

  • 2

    links

E-junkie_GuruWebmaster & Support Guru
Jan '17

Our shopping cart only includes plain jQuery, not jQuery UI, so that would seem to be irrelevant to your site analysis findings.



I do see that your site is loading jQuery UI on its own, perhaps as a dependency or inclusion with your WP theme or another WP plugin you may be using. You should be able to update that from your WP Admin panel.

solmn
Jan '17

Wow! Thanks for the quick research and response. We really appreciate it.