Hi Thomas!

Sorry for the delayed response.
Poka theme doesn’t include a version of jQuery but instead uses the WP jQuery. This is common in Theme/Plugin development for better compatibility with the plugins.

This vulnerability is when you make a request to another domain (using jQuery) and the response can execute js in your end. In Poka theme there is no such case so there is nothing to worry about.

But because jQuery is common also for the plugins you are using please be careful with the plugins you have installed.

You can read more about this issue here : https://wordpress.org/support/topic/google-lighthouse-sees-jquery-1-12-4-as-vulnerable/

Hi Thomas!

As I said Poka is not using it’s own jQuery. It uses the jQuery WordPress includes in it’s build.
As you can see in a demo but I’m sure you can check in your site also the jQuery that is used is from WordPress includes.

Example: http://pokav2.pokatheme.com/demo4/
jQuery if you view the source : http://pokav2.pokatheme.com/demo4/wp-includes/js/jquery/jquery.js?ver=1.12.4

As you can understand we don’t have any control what version of jQuery WP is using. Most of the themes use the jQuery WP includes because this is a good practice, you can verify it if you want with other themes.
Also the answer from the official WP support forum is from one of the core developer of WP.

Of course there are workarounds if you want to disable the WP version of iQuery and use your own but you may experience issues with plugins. If you want help please let me know.

You have nothing to worry about the theme and the version of jQuery. 🙂

• This reply was modified 5 years, 4 months ago by admin.