CVE-2020-11023
Remediation Guide
Expert-verified security guidance by HuntDB
To remediate CVE-2020-11023, update jQuery to 3.5.0 or later; the issue was patched in jQuery 3.5.0. The vulnerability affects every jQuery version from 1.0.3 up to, but not including, 3.5.0. No fixed 1.x or 2.x release exists, so applications pinned to those branches have to move to 3.5.0 or later.
To update jQuery, first check which version your application currently loads. You can do this by running the following in your browser's console: jQuery.fn.jquery. This returns the version of jQuery bound to the global jQuery object. Note that it only reports that one copy: builds bundled into other scripts, or copies released with jQuery.noConflict(), have to be checked in the source files themselves.
If the version is below 3.5.0, update it. You can download the latest version of jQuery from the official jQuery website. Once downloaded, replace every copy of the jQuery file in your application with the new one.
If your project uses a package manager like npm, you can update jQuery by running the command npm install jquery@latest. This installs the latest version of jQuery. Run npm ls jquery afterwards to confirm that no other dependency still resolves an older copy.
If you are using a CDN, update the jQuery version in the script tag. For example, if you are using Google Hosted Libraries, your script tag should look like this: <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.5.0/jquery.min.js"></script>. 3.5.0 is the minimum fixed version; a later 3.x release is equally acceptable.
Remember to test your application thoroughly after the update, as behaviour changes between jQuery versions may affect its functionality. In particular, 3.5.0 changed jQuery.htmlPrefilter so that self-closing tags such as <div/> are no longer expanded into <div></div>; markup that relied on that expansion must be written out in full.
For more information about the changes in jQuery 3.5.0, refer to the jQuery 3.5 upgrade guide; the jQuery Migrate plugin can flag code affected by these changes.
CVSS Score (v3.1)
EPSS Score (v2025.03.14): There is a 21.8% chance that this vulnerability will be exploited in the wild within the next 30 days.
Description
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
Related News
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2020-11023 JQuery Cross-Site Scripting (XSS) Vulnerability These types of vulnerabilities are frequent attac…
Known Exploited Vulnerability
This vulnerability is actively being exploited in the wild and is listed in the CISA Known Exploited Vulnerabilities Catalog.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
WordPress Vulnerability
Identified and analyzed by Wordfence
Software Name: jQuery Manager for WordPress
Software Slug: jquery-manager
Remediation: Update to version 1.10.5, or a newer patched version
© Defiant Inc. Data provided by Wordfence.
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
CVSS Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:N (this vector evaluates to a base score of 6.9, Medium, under the CVSS 3.1 formula)
Advisory provided by GitHub Security Advisory Database. Published: April 29, 2020, Modified: January 31, 2025