(I should have added that versions of jquery-ui prior to 13.2 are vulnerable to XSS attacks)
Hi Andy,
Thank you for reaching out.
Could you please provide more details about the specific issue you’re experiencing with the file manager? Are these security alerts related to our plugin, or is there another aspect of the file manager that is affected?
Your clarification will help us assist you more effectively.
Best,
WP File Manager Support Team
Hi there.
The warnings are around the inclusion of jquery-ui version 1.12.1 by the plugin.
In the free version it’s in lib/main.default.js : line 11 – the version is set to 1.12.1
In the pro version it’s in plugins/wp-file-manager-pro/file_folder_manager_pro.php : line 968
Versions of jquery older than 1.13.2 are vulnerable to a cross site scripting attack. Here’s the CVE https://www.cvedetails.com/cve/CVE-2022-31160/
Hi there,
Thank you for bringing this to our attention.
We acknowledge your concern regarding the inclusion of jQuery UI version 1.12.1 in our plugin. The specific warnings you mentioned in the free version (lib/main.default.js, line 11) and the pro version (plugins/wp-file-manager-pro/file_folder_manager_pro.php, line 968) are noted.
We have added this issue to our pipeline and will address it as soon as possible.
Thank you for your effort and for sharing the details with us.
Best,
WP File Manager Support Team
