Library with vulnerability | WordPress.org

Resolved digex17
(@digex17)

1 month ago

The DOMPurify library version 3.1.7 has known vulnerabilities (see: https://security.snyk.io/package/npm/dompurify/3.1.7). A vulnerability was published on February 14, 2025, nearly a year ago, and multiple new versions have been released since then. The current recommendation is to use version 3.2.4 or higher to avoid the XSS vulnerability identified in version 3.1.7. The latest version available is 3.3.1.

Is it possible to upgrade the library to mitigate the current vulnerabilities?

Viewing 3 replies - 1 through 3 (of 3 total)

Plugin Support weiser
(@weiser)

1 month ago

Thank you for your feedback.
The fix has already been implemented and will be included in the upcoming 2.6.1 release.

Thread Starter digex17
(@digex17)

1 month ago

What is the release date for the new version?

Thank you!

photoMaldives
(@photomaldives)

3 weeks, 6 days ago

Changelog 2.6.1
Security: Fix potential XSS vulnerability in comment lightbox content
Security: Update DOMPurify to 3.3.1 to fix known XSS vulnerability
https://wordpress.org/plugins/responsive-lightbox/#developers

Viewing 3 replies - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.

Tags

update

4 replies
3 participants
Last reply from: photoMaldives
Last activity: 3 weeks, 6 days ago
Status: resolved