Security issues | WordPress.org

Resolved bstras21
(@bstras21)

6 years, 10 months ago

You need to update jQuery UI. You are using jQuery UI – v1.11.4 which in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function

Viewing 2 replies - 1 through 2 (of 2 total)

Nico Marcuz
(@nick7766)

6 years, 10 months ago

thnx for keeping a eye on it.

Plugin Author David Anderson / Team Updraft
(@davidanderson)

6 years, 10 months ago

1) jQuery UI 1.11.4 is shipped as part of WordPress core (wp-includes/js/jquery/ui/core.min.js), and not under our control (see: https://core.trac.wordpress.org/ticket/39943).

2) The UpdraftPlus admin page is only reachable by WP admins, who have total control over the site; they don’t need to find ways to escalate their privileges, since they already have complete privileges.

David

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Security issues’ is closed to new replies.

2 replies
3 participants
Last reply from: David Anderson / Team Updraft
Last activity: 6 years, 10 months ago
Status: resolved