[wp-trac] [WordPress Trac] #60649: plupload is extremely outdated, it's used by wp core file, auto update was disabled and found vulnerbility
WordPress Trac
noreply at wordpress.org
Tue Feb 27 20:07:06 UTC 2024
#60649: plupload is extremely outdated, it's used by wp core file, auto update was
disabled and found vulnerbility
--------------------------+-----------------------------
Reporter: harrisonchen | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 6.4.3
Severity: major | Keywords: needs-patch
Focuses: |
--------------------------+-----------------------------
Hello,
The file is very outdated, our security scan shows vulnerbility on the
current version.
I see that in the update-core.php , plupload is disabled to auto update, i
think this was forgotten to turn back on after resolving a bug found years
ago.
Please take a look and update the plupload.js file is possible.
plupload.js pkg:javascript/plupload at 2.1.9
thank you
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60649>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list