WordPress comes bundled with jQuery and there are themes and plugins that call it. Unfortunately, WordPress does not have a good way to manage the version of jQuery being used, but using the plugin jQuery Manager for WordPress helps. The security folks ran a scan of our website and found it to be using jQuery 3.4.1 which apparently has some vulnerabilities. The latest version as of this writing is 3.5.1. Typically when the jQuery Manager plugin updates, it comes with the latest version of jQuery however the plugin hasn’t updated in a month. One quick and dirty way of manually adding version 3.5.1 is as follows:
1. Head over here and download the six latest jQuery files
2. Save them into the following folder of your WordPress install:
\wordpress\wp-content\plugins\jquery-manager\assets\js
3. Open the \wordpress\wp-content\plugins\jquery-manager\jquery-manager.php file in something like Notepad++ (Make a backup copy first in case something goes wrong and you need to revert).
4. Edit the jQuery 3X version section, changing the 3.4.1 to 3.5.1 (or whatever is the current version you downloaded)
5. Restart your web services for that wordpress instance
6. Log into your WordPress admin page
7. Navigate to the jQuery Manager under the Tools menu
8. Under the jQuery version dropdown, you should now see version 3.5.1
9. Select your version and click Save Changes
10. To test if it’s working, open up Chrome web browser and hit F12 to open the debugger
11. Click on the Console tab on the top menu
12. Open your webpage
13. At the console > prompt type, console.log(jQuery().jquery); and hit enter. It should respond with the jQuery version being used:
That’s it. Of course your themes and plugins may require a specific version of jQuery, and making this change may break them, and I’m not sure what happens when the plugin updates on it’s own. So this may be only a temporary workaround.