javascript - Should I manually resolve WP Core File security issues or await a subsequent WP release?

Using the Google Developer Tools, I can see that some of WordPress' JavaScript Libraries contain known security vulnerabilities; some a few months old.

With this in mind, should I consider addressing these issues myself or could this result in unexpected results across the WordPress powered website?

Given its notification on Google's Developer Tools, I would suspect it would be something that WordPress would be aware of. That being said, is there a way to see if WordPress are aware of certain security issues and whether they will be addressed in subsequent WordPress releases?

Using the Google Developer Tools, I can see that some of WordPress' JavaScript Libraries contain known security vulnerabilities; some a few months old.

With this in mind, should I consider addressing these issues myself or could this result in unexpected results across the WordPress powered website?

Given its notification on Google's Developer Tools, I would suspect it would be something that WordPress would be aware of. That being said, is there a way to see if WordPress are aware of certain security issues and whether they will be addressed in subsequent WordPress releases?

• javascript
• security
• front-end
• library

Share Improve this question asked Dec 27, 2018 at 3:36 CraigCraig 35811 gold badge22 silver badges2020 bronze badges 3

• 99.99% of the time, WordPress are aware of certain security issues mentioned by you and it will be corrected in next release if it is really important. – I am the Most Stupid Person Commented Dec 27, 2018 at 3:40
• Which libraries? – Krzysiek Dróżdż Commented Dec 27, 2018 at 7:50
• I do not have the exact Libraries to hand right now but if you run the Google Developer Audit Tool, it highlights a few jQuery Files within the wp-includes folder. – Craig Commented Dec 27, 2018 at 23:59

Add a comment  | 

1 Answer 1

Sorted by: Reset to default 1

Most of the time you should not modify core by yourself - it will get overwritten after update and it may cause some conflicts.

Of course, if you know what you're doing and the vulnerability is really serious, then you can update given library and test everything by yourself.

As for awareness. Most of the times WP is very aware of vulnerabilities in its code and fixes them with minor releases.

You can check if the problem is known and if it has a ticket in Trac:

• https://make.wordpress/core/reports/

And if you can't find anything, you can always report it:

• https://make.wordpress/core/handbook/testing/reporting-security-vulnerabilities/
• https://make.wordpress/core/handbook/testing/reporting-bugs/