{"id":2157,"date":"2014-09-23T13:49:54","date_gmt":"2014-09-23T19:49:54","guid":{"rendered":"http:\/\/www.whitefirdesign.com\/blog\/?p=2157"},"modified":"2014-09-23T13:49:54","modified_gmt":"2014-09-23T19:49:54","slug":"jquery-com-is-running-outdated-and-insecure-version-of-wordpress","status":"publish","type":"post","link":"https:\/\/www.whitefirdesign.com\/blog\/2014\/09\/23\/jquery-com-is-running-outdated-and-insecure-version-of-wordpress\/","title":{"rendered":"jQuery.com is Running Outdated and Insecure Version of WordPress"},"content":{"rendered":"<p>Today it was <a href=\"http:\/\/www.net-security.org\/malware_news.php?id=2869\">reported that website of the JavaScript library jQuery was recently hacked<\/a>. When a high profile website like this is hacked\u00a0what is important to find out is how it was hacked,\u00a0since a high profile websites are sometimes hit with new exploits that will later be exploited more widely and making sure that others are warned early can help to\u00a0limit\u00a0further successful exploitation. Unfortunately that has not been determined so far, the article states that &#8220;The bad news is that they still don&#8217;t know how the compromised happened, so it just might happen again.&#8221;.<\/p>\n<p>Right\u00a0now the jQuery website has a pretty obvious security problem. They are running an outdated version of WordPress:<\/p>\n<p><a href=\"https:\/\/chrome.google.com\/webstore\/detail\/meta-generator-version-ch\/fahebfpoehlhpngkmdgldkkilflkelbl\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-2158\" src=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2014\/09\/jquery-wordpress-version.png\" alt=\"The jQuery Website is Running  WordPress 3.9.1\" width=\"500\" height=\"150\" srcset=\"https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2014\/09\/jquery-wordpress-version.png 500w, https:\/\/www.whitefirdesign.com\/blog\/wp-content\/uploads\/2014\/09\/jquery-wordpress-version-300x90.png 300w\" sizes=\"auto, (max-width: 500px) 85vw, 500px\" \/><\/a><\/p>\n<p>The next version of WordPress, 3.9.2, <a href=\"https:\/\/wordpress.org\/news\/2014\/08\/wordpress-3-9-2\/\">which was released on August 6<\/a>, included a number of security fixes and users were &#8220;strongly encourage you to update your sites immediately&#8221;. We are not aware of a mass exploitation of those vulnerabilities (or any others in older versions of WordPress in years), but some of the vulnerabilities fixed might be exploitable in a targeted attack. Back in WordPress 3.7, a<a href=\"https:\/\/wordpress.org\/news\/2013\/10\/basie\/\"> new feature was introduced that automatically applies maintenance and security updates<\/a>, like WordPress 3.9.2, so most websites that had been running WordPress 3.9.1 would have been upgraded within a day of the release of 3.9.2. That means that either the jQuery web developers disabled that feature or their server has some issues preventing the automatic updates from occurring. (Those automatic updates can be extended to plugins with our <a href=\"https:\/\/wordpress.org\/plugins\/automatic-plugin-updates\/\">Automatic Plugin Updates plugin<\/a>.)<\/p>\n<p>Unfortunately the use of outdated software\u00a0on the jQuery website isn&#8217;t an uncommon occurrence,\u00a0when we looked at data from one of our tools earlier this year <a href=\"http:\/\/www.whitefirdesign.com\/blog\/2014\/03\/03\/outdated-versions-of-joomla-2-5-x-and-3-x-widely-used\/#wordpress\">we found that 60 percent of WordPress were running a version below the then current version<\/a> (we also found widespread use of outdated version of <a title=\"Drupal Websites Not Receiving Security Updates in a Timely Manner\" href=\"http:\/\/www.whitefirdesign.com\/blog\/2014\/06\/09\/drupal-websites-not-receiving-security-updates-in-a-timely-manner\/\">Drupal<\/a> and <a title=\"Outdated Versions of Joomla 2.5.x and 3.x Widely Used\" href=\"http:\/\/www.whitefirdesign.com\/blog\/2014\/03\/03\/outdated-versions-of-joomla-2-5-x-and-3-x-widely-used\/\">Joomla<\/a>.). A good way to keep track of the update status of websites you manage is with our <a href=\"https:\/\/chrome.google.com\/webstore\/detail\/up-to-date\/gfdibfaafmpljichhkbgbegfoinihnab\">Up to Date? Chrome app<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Today it was reported that website of the JavaScript library jQuery was recently hacked. When a high profile website like this is hacked\u00a0what is important to find out is how it was hacked,\u00a0since a high profile websites are sometimes hit with new exploits that will later be exploited more widely and making sure that others &hellip; <a href=\"https:\/\/www.whitefirdesign.com\/blog\/2014\/09\/23\/jquery-com-is-running-outdated-and-insecure-version-of-wordpress\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;jQuery.com is Running Outdated and Insecure Version of WordPress&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35,3],"tags":[],"class_list":["post-2157","post","type-post","status-publish","format-standard","hentry","category-outdated-web-software","category-wordpress"],"_links":{"self":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/comments?post=2157"}],"version-history":[{"count":2,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2157\/revisions"}],"predecessor-version":[{"id":2160,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/posts\/2157\/revisions\/2160"}],"wp:attachment":[{"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/media?parent=2157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/categories?post=2157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.whitefirdesign.com\/blog\/wp-json\/wp\/v2\/tags?post=2157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}