The impact of this problem is estimated to be potentially serious, since this library is currently used by more than 70% of functioning websites; most sites still use the 1.x and 2.x versions of the library, which leaves them vulnerable to this flaw.
A patch correcting this flaw was released recently, three years after the last security update the library received, cybersecurity experts note.
Cybersecurity experts have shown that, by exploiting the vulnerability (identified as CVE-2019-11358), an attacker can assign themselves administrator privileges in a web application that uses the jQuery library code.
In addition, experts recommend that web developers working with this library update to the latest version of jQuery (v3.4.0) as soon as possible. According to the reports, the most recent version also corrects some undesirable behavior seen when using the library; technical details about each of these fixes can be found on the official jQuery developers’ blog.
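A small audit for the upgrade advice above, as an added example that is not from the article or the jQuery project: it reads the jQuery core version out of script URLs and flags anything older than 3.4.0. The sample URLs are constructed and the function names (`jqueryVersion`, `isBelowFixed`, `audit`) are hypothetical.

```javascript
// Added example: flag script references that load jQuery older than 3.4.0.
const FIXED = [3, 4, 0]; // release named in the article as carrying the fix

// Pull a jQuery core version out of a script URL or file name.
// Returns [major, minor, patch], or null when no version is visible.
function jqueryVersion(src) {
  // Matches ".../jquery/2.2.4/jquery.min.js" and "jquery-1.12.4.min.js",
  // but not plugins such as "jquery-ui-1.12.1.js" or "jquery-migrate/3.0.0".
  const re = /(?:^|\/)jquery(?:\/|-)(\d+)\.(\d+)(?:\.(\d+))?(?=[.\/-]|$)/i;
  const m = re.exec(src);
  return m ? [Number(m[1]), Number(m[2]), Number(m[3] || 0)] : null;
}

// True when the version sorts strictly before 3.4.0.
function isBelowFixed(v) {
  for (let i = 0; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i];
  }
  return false; // exactly 3.4.0
}

// Classify each script source as "update", "ok" or "unknown".
function audit(sources) {
  return sources.map((src) => {
    const v = jqueryVersion(src);
    const status = v === null ? "unknown" : isBelowFixed(v) ? "update" : "ok";
    return { src, version: v ? v.join(".") : null, status };
  });
}

// Constructed sample input: script references as they might appear in HTML.
const SAMPLE = [
  "/static/js/jquery-1.12.4.min.js",
  "https://cdn.example/ajax/libs/jquery/2.2.4/jquery.min.js",
  "https://cdn.example/jquery-3.3.1.slim.min.js",
  "/static/js/jquery-3.4.0.min.js",
  "/static/js/jquery-ui-1.12.1.min.js", // plugin, not jQuery core
  "/static/js/jquery.min.js",           // version not visible in the name
];

for (const r of audit(SAMPLE)) {
  console.log(`${r.status.padEnd(8)}${r.version || "-"}\t${r.src}`);
}
```

Entries reported as `unknown` need a manual look; on a live page the loaded version is available as `jQuery.fn.jquery`.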