a3rev / responsi


jQuery@1.12.4 Security Vulnerability #39

Closed a3rev closed 5 years ago

a3rev commented 5 years ago

@mrkunau Dat

Lighthouse audits on all of our sites show this security vulnerability. It's an old version of jQuery that has known vulnerabilities.

I do not know if it is in the framework or in an addon, but we first need to find it, and then if it is ours we need to update it.

We should upgrade this for this refactored version

See screenshot of it from the audit

Image from Gyazo

mrkunau commented 5 years ago

All Responsi plugins and themes use jQuery from WordPress and don't include the jQuery lib from any other source. Checked.

a3rev commented 5 years ago

@mrkunau Dat advises that the outdated jQuery script is from WordPress core

a3rev commented 5 years ago

@mrkunau Dat I am reopening this issue.

I have tested this site in Google Lighthouse:

http://support.a3de.info, which is the default WordPress theme, and the 2 vulnerable frontend JS do not show, so it cannot be loaded from WordPress core. Here is a screenshot of the Lighthouse results for it:

Image from Gyazo

I then tested http://barcytyres.a3de.info, which just has Responsi, Blank Child Theme and a3 Dashboard activated. I ran the Lighthouse test and it is showing the 2 vulnerable scripts.

See screenshot Image from Gyazo

We need to fix this in this update because they are vulnerable, and also because it will bring our Best Practices score in Lighthouse up to 100%.

a3rev commented 5 years ago

@mrkunau Dat

Confirmed that the outdated jQuery is coming from core