Is there a jquery.cookie script issue with this plugin?

  • Resolved aly22

    (@aly22)


    11 years, 5 months ago

    I posted this also on the Download Manager (Free version) website forum.

    Am desperate to find some help with a possible security issue on my server. I run 2 instances of WordPress, using Download Manager (Free). The download pages are not public pages; they are password-protected.

    I am frequently getting Critical (lfd) server alerts citing cross site scripting, blocking innocent users’ IP addresses — all pointing to: /wp-content/plugins/download-manager/js/jquery.cookie.js

    In Google search I see references to the jquery.cookie.js file being outdated in this plugin. Is that a possible security issue?

    I run mod security on my server, and need to know if safe to disable the lfd rule that is causing general users to be blocked from accessing the server (not specifically the download-manager files).

    https://wordpress.org/plugins/download-manager/

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Shahjada

    (@codename065)

    11 years, 5 months ago

    simply delete /wp-content/plugins/download-manager/js/jquery.cookie.js for now, I’ll check and update the file with next update of the plugin

    Thread Starter aly22

    (@aly22)

    11 years, 5 months ago

    Thank you so much, Shaon! Will try that out right this minute!

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Is there a jquery.cookie script issue with this plugin?’ is closed to new replies.