[wp-trac] [WordPress Trac] #37110: Update to jQuery 3.*
WordPress Trac
noreply at wordpress.org
Tue Mar 19 13:19:54 UTC 2019
#37110: Update to jQuery 3.*
-------------------------------------------------+-------------------------
Reporter: jorbin | Owner: (none)
Type: task (blessed) | Status: new
Priority: normal | Milestone: Future Release
Component: External Libraries | Version:
Severity: critical | Resolution:
Keywords: early has-patch needs-testing needs-dev-note needs-screenshots needs-refresh | Focuses: javascript
-------------------------------------------------+-------------------------
Comment (by tw0flower):

I witnessed malware in a jquery.js file a few days ago, on a
website that uses WordPress. The installation was up-to-date, on the 4.x
branch. This malware is believed to have allowed the attacker to steal
credit card and personal information.

The original attack vector, which allowed this malware to be here,
probably wasn't jQuery. However, it shows us how damaging a hole in this
library is: the attacker has access to everything the user does, because
it is loaded in every WordPress page.

I understand this is not an easy fix, but I believe security should have
priority over backward plugin compatibility.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37110#comment:69>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform