Lighthouse Warning Includes Front-End JavaScript Libraries With Known Security Vulnerabilities

Lighthouse Warning Includes Front-End JavaScript Libraries With Known Security Vulnerabilities

Yoast Security Vulnerabilities

A major concern indicating the Yoast team aren’t even testing their own site with the Google Lighthouse audit tool is near the bottom of the report under “Best Practices” > “Includes Front-End JavaScript Libraries With Known Security Vulnerabilities”

Yoast is loading this Jquery resource:

<script type='text/javascript' src='https://code.jquery.com/jquery-1.12.4.min.js'></script>

Affected versions of the Jquery package (inc. jquery@1.12.4) are vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain ajax request is performed without the dataType option causing text/javascript responses to be executed.

Solution: Upgrade jquery to version 3.0.0 or higher.

Note: This doesn’t mean yoast.com IS vulnerable, means there’s a possibility of a vulnerability. They are either unaware of the vulnerability or are taking a risk: believe their site isn’t at risk because of XYZ.

Continue Reading How to Check an SEO Consultant is an SEO Expert?