Title: security issue grunt
Last modified: February 9, 2022

---

# security issue grunt

 *  Resolved [jseutens](https://wordpress.org/support/users/jseutens/)
 * (@jseutens)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issue-grunt/)
 * [https://github.com/jseutens/business-profile-tailored/security/dependabot/1](https://github.com/jseutens/business-profile-tailored/security/dependabot/1)
 * The package grunt before 1.3.0 are vulnerable to Arbitrary Code Execution due
   to the default usage of the function load() instead of its secure replacement
   safeLoad() of the package js-yaml inside grunt.file.readYAML.
 * When I cloned your plugin to git they notified me of this, please check it out.
 * I need the fax and cellphone field so I’m adding them myself, not really all
   working but for now it’s fine for what I want as I don’t use the widget or Gutenberg,
   only the shortcode.

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Support [jaysupport](https://wordpress.org/support/users/jaysupport/)
 * (@jaysupport)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issue-grunt/#post-15348391)
 * New versions are released to correct any potential security issues. That’s normally
   how software works. With that in mind, what is the reason for which you are mentioning
   this? Why are you using a version of the plugin from 2019 and that you say may
   be vulnerable when there are much newer versions available without the issue 
   you reference?
 *  Thread Starter [jseutens](https://wordpress.org/support/users/jseutens/)
 * (@jseutens)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issue-grunt/#post-15348456)
 * OK, I copied the up-to-date plugin that I changed on my site and then added
   it to GitHub.
    Maybe these are then files and folders left in the plugin, as I’m
   already a long-time user (since Nate was still the owner). I will check by using
   a fresh copy of the plugin and come back to you.
 *  Thread Starter [jseutens](https://wordpress.org/support/users/jseutens/)
 * (@jseutens)
 * [4 years, 2 months ago](https://wordpress.org/support/topic/security-issue-grunt/#post-15348538)
 * [https://plugins.trac.wordpress.org/browser/business-profile/trunk/package.json](https://plugins.trac.wordpress.org/browser/business-profile/trunk/package.json)
 * Your version of this file is also 2 years old; it mentions “grunt”: “~1.0.0”
 *  Plugin Support [jaysupport](https://wordpress.org/support/users/jaysupport/)
 * (@jaysupport)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/security-issue-grunt/#post-15352617)
 * Ah, ok. So, those files were there as part of the way Nate compiled/deployed 
   the plugin using node packages. We don’t do/use this. And those files are not
   used for any of the plugin functionality itself. We originally kept them in version
   2.0.0 to run tests and for checking backwards compatibility. However, they are
   no longer necessary and we will remove them in the next update.
 * Thanks for getting back to me and clarifying your concern.
 *  Thread Starter [jseutens](https://wordpress.org/support/users/jseutens/)
 * (@jseutens)
 * [4 years, 1 month ago](https://wordpress.org/support/topic/security-issue-grunt/#post-15352722)
 * No problem, happy to help 🙂
    Case closed 😉


The topic ‘security issue grunt’ is closed to new replies.
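
As an added example (not code from the plugin or from grunt): a small Node.js check for the situation this thread describes, a package.json whose declared grunt range sits below the 1.3.0 fix named in the advisory. The function names and the sample package.json are assumptions made for illustration, and only the range forms exact, `~`, `^` and `>=` are handled.

```javascript
// Added example: audit a package.json for a grunt range below the 1.3.0 fix.
const FIXED = [1, 3, 0]; // "grunt before 1.3.0" is the affected range quoted in the thread

// Compare two [major, minor, patch] triples: negative, zero or positive.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] - b[i];
  return 0;
}

// Turn a simple npm range (exact, ~, ^, >=) into [lower, upperExclusive].
// Anything else (||, hyphen ranges, tags, URLs) returns null.
function bounds(range) {
  const m = /^(~|\^|>=)?\s*v?(\d+)\.(\d+)\.(\d+)$/.exec(range.trim());
  if (!m) return null;
  const [maj, min, pat] = m.slice(2).map(Number);
  const lo = [maj, min, pat];
  switch (m[1]) {
    case '~': return [lo, [maj, min + 1, 0]];
    case '^':
      if (maj > 0) return [lo, [maj + 1, 0, 0]];
      if (min > 0) return [lo, [0, min + 1, 0]];
      return [lo, [0, 0, pat + 1]];
    case '>=': return [lo, [Infinity, 0, 0]];
    default: return [lo, [maj, min, pat + 1]]; // exact pin
  }
}

// Classify the declared grunt dependency of one package.json document.
function auditGrunt(packageJsonText) {
  const pkg = JSON.parse(packageJsonText);
  const range = (pkg.devDependencies || {}).grunt || (pkg.dependencies || {}).grunt;
  if (typeof range !== 'string') return 'not-declared';
  const b = bounds(range);
  if (!b) return 'unparsed';
  const [lo, hi] = b;
  if (cmp(lo, FIXED) >= 0) return 'ok';
  // The upper bound is exclusive, so hi <= 1.3.0 means no install can pick up the fix.
  return cmp(hi, FIXED) <= 0 ? 'cannot-reach-fix' : 'may-resolve-vulnerable';
}

// Constructed sample; only the grunt range "~1.0.0" is taken from the thread.
const sample = JSON.stringify({ name: 'example-plugin', devDependencies: { grunt: '~1.0.0' } });
console.log(auditGrunt(sample));
```

A `may-resolve-vulnerable` result means the range spans the fix, so the version actually installed depends on the lockfile and has to be checked there.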

 * 5 replies
 * 2 participants
 * Last reply from: [jseutens](https://wordpress.org/support/users/jseutens/)
 * Last activity: [4 years, 1 month ago](https://wordpress.org/support/topic/security-issue-grunt/#post-15352722)
 * Status: resolved