A cross-site scripting (XSS) vulnerability affecting multiple WordPress plugins has been reported. It stems from developers' incorrect use of certain popular functions that modify and add query strings to URLs.
Security company Sucuri has checked nearly 400 plugins and found that a number of them contained the vulnerable code*. However, since there are thousands of WordPress plugins available, some of which are likely to be affected, everyone with a WordPress website should take immediate action to ensure their website is secure.
Action to be Taken:
- From your wp-admin dashboard, update out-of-date plugins now
- Check regularly for updates to the WP plugins that you use and update them as soon as possible
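For plugin code you maintain yourself, the misuse described above can be looked for directly. The following is an added example, not code from this page or from Sucuri: a heuristic scan that flags calls whose result is not passed through a URL-escaping function in the same statement. It assumes the functions in question are WordPress's `add_query_arg()` and `remove_query_arg()` and that `esc_url()` / `esc_url_raw()` are the expected wrappers; the sample plugin source is constructed.

```python
import re

# Assumption: the URL helpers meant by the advisory are WordPress's
# add_query_arg() and remove_query_arg(); their return value is not escaped.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
ESCAPERS = {"esc_url", "esc_url_raw"}
NAME_BEFORE_PAREN = re.compile(r"([A-Za-z_]\w*)\s*$")


def enclosing_calls(src, pos):
    """Names of the function calls wrapping `pos`, innermost first.

    Walks back to the start of the statement while balancing parentheses.
    Heuristic: parentheses inside string literals are not handled.
    """
    names, depth = [], 0
    for i in range(pos - 1, -1, -1):
        ch = src[i]
        if ch in ";{}" or src.startswith("<?", i):
            break  # reached the start of the current PHP statement
        if ch == ")":
            depth += 1
        elif ch == "(":
            if depth:
                depth -= 1  # closes a sibling call, not a wrapper
            else:
                m = NAME_BEFORE_PAREN.search(src[max(0, i - 64):i])
                if m:
                    names.append(m.group(1))
    return names


def find_unescaped_calls(src):
    """Return (line, function) for each call not wrapped in an escaper."""
    findings = []
    for m in CALL.finditer(src):
        if not ESCAPERS.intersection(enclosing_calls(src, m.start())):
            findings.append((src.count("\n", 0, m.start()) + 1, m.group(1)))
    return findings


# Constructed sample, not taken from any real plugin.
SAMPLE_PLUGIN = r'''<?php
function demo_links() {
    echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
    echo '<a href="' . esc_url( add_query_arg( array( 'tab' => 'log' ) ) ) . '">Log</a>';
    printf( '<form action="%s">', remove_query_arg( 'updated' ) );
    wp_safe_redirect( esc_url_raw( remove_query_arg( 'step' ) ) );
}
'''

if __name__ == "__main__":
    for line, name in find_unescaped_calls(SAMPLE_PLUGIN):
        print(f"line {line}: {name}() result is not escaped in this statement")
```

A flagged line is a prompt for manual review, since the value may be escaped later through a variable the scan does not follow.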
If you want more information about this vulnerability and how to keep your WordPress website secure, please visit these links:
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
XSS Vulnerability Affects More Than a Dozen Popular WordPress Plugins
*Plugins confirmed to be affected by the XSS vulnerability:
- WordPress SEO
- Google Analytics
- All in One SEO
- Gravity Forms
- Jetpack
- Several Plugins from Easy Digital Downloads
- UpdraftPlus
- WP e-Commerce
- WPTouch
- Download Monitor
- P3 Profiler
- Give
- iThemes Exchange
- Broken-Link-Checker
- Ninja Forms
- Aesop Story Engine
- My Calendar
Alternatively, if you need any assistance from WP Support Specialists, just Contact Us.