- Популярные видео
- Авто
- Видео-блоги
- ДТП, аварии
- Для маленьких
- Еда, напитки
- Животные
- Закон и право
- Знаменитости
- Игры
- Искусство
- Комедии
- Красота, мода
- Кулинария, рецепты
- Люди
- Мото
- Музыка
- Мультфильмы
- Наука, технологии
- Новости
- Образование
- Политика
- Праздники
- Приколы
- Природа
- Происшествия
- Путешествия
- Развлечения
- Ржач
- Семья
- Сериалы
- Спорт
- Стиль жизни
- ТВ передачи
- Танцы
- Технологии
- Товары
- Ужасы
- Фильмы
- Шоу-бизнес
- Юмор
Popular WordPress File Manager Plugins Contain Vulnerable jQuery UI Library
The WP Security Minute for March 5, 2025.
Are you using a WordPress file manager plugin on a website? If so, there is a good chance you are using a plugin that is known to be insecure.
Last week WordPress security provider Plugin Vulnerabilities warned that three of the most popular file manager plugins contained a known vulnerable version of the jQuery UI library. There inclusion of that library was in part caused by the developers of the plugins failing to update the file manager library that is at the heart of their plugins for over a year.
The versions of jQuery UI being used in those plugins had been disclosed to be vulnerable by the developer of jQuery UI in October 2021.
The developer of the most popular of the plugins, File Manager, which has one million installs, was publicly warned about the inclusion of the vulnerable library in April 2023. They responded at the time that they would "release an update within a few days" to address that, but they didn't. They were publicly warned again in June of last year and responded they "will address it as soon as possible."
So far, that plugin, and the other two, Advanced File Manager and Filester, haven't had the library updated despite being warned over a week ago about the problem.
The inclusion of the vulnerable library was originally identified through the Plugin Security Scorecard tool.
More information can be found in a couple of blog posts from Plugin Vulnerabilities https://www.pluginvulnerabilities.com/2025/02/25/popular-wordpress-file-manger-plugins-contain-third-party-library-with-multiple-vulnerabilities/ and https://www.pluginvulnerabilities.com/2025/02/26/developer-of-1-million-install-wordpress-plugin-warned-multiple-times-of-known-vulnerable-library-in-plugin-and-still-hasnt-addressed-it/
Видео Popular WordPress File Manager Plugins Contain Vulnerable jQuery UI Library канала WP Security Minute
Are you using a WordPress file manager plugin on a website? If so, there is a good chance you are using a plugin that is known to be insecure.
Last week WordPress security provider Plugin Vulnerabilities warned that three of the most popular file manager plugins contained a known vulnerable version of the jQuery UI library. There inclusion of that library was in part caused by the developers of the plugins failing to update the file manager library that is at the heart of their plugins for over a year.
The versions of jQuery UI being used in those plugins had been disclosed to be vulnerable by the developer of jQuery UI in October 2021.
The developer of the most popular of the plugins, File Manager, which has one million installs, was publicly warned about the inclusion of the vulnerable library in April 2023. They responded at the time that they would "release an update within a few days" to address that, but they didn't. They were publicly warned again in June of last year and responded they "will address it as soon as possible."
So far, that plugin, and the other two, Advanced File Manager and Filester, haven't had the library updated despite being warned over a week ago about the problem.
The inclusion of the vulnerable library was originally identified through the Plugin Security Scorecard tool.
More information can be found in a couple of blog posts from Plugin Vulnerabilities https://www.pluginvulnerabilities.com/2025/02/25/popular-wordpress-file-manger-plugins-contain-third-party-library-with-multiple-vulnerabilities/ and https://www.pluginvulnerabilities.com/2025/02/26/developer-of-1-million-install-wordpress-plugin-warned-multiple-times-of-known-vulnerable-library-in-plugin-and-still-hasnt-addressed-it/
Видео Popular WordPress File Manager Plugins Contain Vulnerable jQuery UI Library канала WP Security Minute
Комментарии отсутствуют
Информация о видео
6 марта 2025 г. 0:00:21
00:01:01
Другие видео канала
WordPress Finally Moving to More Secure Password Hashing in Version 6.8
Google Promoted Barely Disguised VPN Ad as News Story About Exploring WordPress Plugins Securely
Hacker Targeting WordPress Plugin Patchstack, Wordfence, and WPScan Falsely Claimed Was Secured
WP Engine Hasn't Fixed Vulnerability in 100,000+ Install WordPress Plugin NitroPack in 4 Months
Hacker Targeting WordPress Plugin Patchstack, Wordfence, and WPScan Falsely Claimed Was Secured
Is WordPress hacker's "strong password" strong? Password strength meters have varying answers.
WordPress Security Providers Downplayed Vulnerability Based on Inaccurate Info From Patchstack
Popular WordPress File Manager Plugins Contain Vulnerable jQuery UI Library
WordPress is Blocking Update That Stops Exploitation of Hacker Targetted Vulnerability in Plugin
The 8G Firewall for WordPress Is Too Good to Be True
c/side Won't Protect WordPress Websites From Being Hacked
Patchstack's "Fastest Protection" for "Vulnerabilities" Was a Week Behind Merely Updating Plugin
Developer of 300,000+ Install WordPress Plugin Not Upfront About Belated Security Fixes
Patchstack and Bleeping Computer's Bill Toulas Caught Lying About Exploitation of WP Plugin Vuln
Data Tells Different Story About Companies Alleged Reduction in Pledged Support for WordPress
Shadow Server Data Shows Hackers Targeting Vulnerable Security Solutions, Not WordPress
The 8G Firewall for WordPress Is Too Good to Be True
How is a WordPress security plugin with fewer than 10 installs "trusted by thousands"?
Awesome Motive Also Using Fake Security Certifications When Promoting Their WordPress Plugins
Hundreds of Thousands of Websites Using Wordfence Are Consistently Infected with Malware
