WordPress Enable jQuery Migrate Helper plugin <= 1.4.1 - Missing Authorization to Authenticated (Subscriber+) jQuery Version Downgrade vulnerability

Missing Authorization to Authenticated Subscriber+ jQuery Version Downgrade vulnerability discovered by Chiao-Lin Yu Steven Meow - Trend Micro in WordPress Plugin Enable jQuery Migrate Helper versions = 1.4.1...

CVE-2026-3279

The Enable jQuery Migrate Helper plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the downgradejqueryversion function in all versions up to, and including, 1.4.1. This is due to the function only verifying a nonce without checking user...

WordPress plugin Enable jQuery Migrate Helper 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

CVE-2016-15054

Nagios XI versions prior to 5.4.0 are vulnerable to cross-site scripting XSS via the jQuery Migrate library. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...

CVE-2016-15054

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a downstream effect of an already identified vulnerability, CVE-2012-6708...

CVE-2016-15054

CVE-2016-15054 is rejected/not used and does not represent an active vulnerability entry.

CVE-2016-15054

...

CVE-2016-15054

...

PT-2025-44798

Name of the Vulnerable Software and Affected Versions Nagios XI versions prior to 5.4.0 Description Nagios XI versions prior to 5.4.0 are susceptible to a cross-site scripting XSS issue due to insufficient validation or escaping of user-supplied input within the jQuery Migrate library. This could...

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat

Hidden Malware Discovered in jQuery Migrate: A Stealthy Supply Chain Threat By Trellix · June 18, 2025 This blog was also written by Trishaan Kalra Introduction What happens when a trusted open source library becomes a conduit for stealthy malware delivery? That question became reality when the...

Cross-Site Scripting (XSS)

jquery-migrate is vulnerable to cross-site scripting XSS. The vulnerability exists due to an incomplete fix which sanitized the string of XSS before it was trimmed. As a result, this allows scripts made after a space or that have a leading-hash to be executed...

Cross-site Scripting (XSS)

jquery-migrate is vulnerable to Cross-site Scripting XSS. jquery-migrate uses code similar to $location.hash to select an ID value encoded on the page. However, an attacker can create a cross-site scripting injection by using a string similar to and run code to steal user data...