XSS vulnerability affects a lot of popular WordPress plugins - Colibri Interactive

For the past week, security firm Sucuri has worked with the WordPress core security team to address a cross-site scripting (XSS) vulnerability discovered in more than a dozen popular WordPress plugins. The vulnerability stems from the improper use of the add_query_arg() and remove_query_arg() functions. Inaccurate information within the WordPress Codex led many developers to assume these functions would properly escape user input.
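
The pattern described above, shown as an added example next to its corrected form (this is not code from Sucuri or from any of the listed plugins; the plugin, function and parameter names are hypothetical). It assumes the documented WordPress behaviour that both functions fall back to the current request URI when no URL is passed.

```php
<?php
/**
 * Plugin Name: Query-arg escaping demo (constructed example, hypothetical plugin)
 */
defined( 'ABSPATH' ) || exit; // Only meaningful when loaded by WordPress.

// UNSAFE pattern, kept for comparison and never hooked anywhere.
// With no URL argument, add_query_arg() builds on $_SERVER['REQUEST_URI'],
// which the visitor controls, and the returned string is not escaped.
function demo_sort_link_unsafe() {
	$url = add_query_arg( 'orderby', 'date' );
	return '<a href="' . $url . '">Sort by date</a>';
}

// Hardened: same call, escaped at the point where it enters HTML.
function demo_sort_link_safe() {
	$url = add_query_arg( 'orderby', 'date' );
	return '<a href="' . esc_url( $url ) . '">Sort by date</a>';
}

// Hardened: an explicit base URL narrows what the visitor controls,
// but the result is still escaped on output.
function demo_settings_link_safe() {
	$url = add_query_arg( 'tab', 'general', admin_url( 'options-general.php' ) );
	return '<a href="' . esc_url( $url ) . '">Settings</a>';
}

// Hardened: remove_query_arg() has the same fallback to the request URI.
// For a redirect (not HTML output) the URL is sanitized with esc_url_raw().
add_action( 'admin_init', function () {
	if ( isset( $_GET['demo_notice'] ) ) {
		wp_safe_redirect( esc_url_raw( remove_query_arg( 'demo_notice' ) ) );
		exit;
	}
} );

// Only the escaped variant is exposed to the site.
add_shortcode( 'demo_sort_link', 'demo_sort_link_safe' );
```

When auditing a plugin or theme, every add_query_arg() or remove_query_arg() call whose result reaches a page or a redirect should pass through esc_url() or esc_url_raw() as shown.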

The following plugins are affected and should be updated immediately:

  • Jetpack
  • WordPress SEO
  • Google Analytics
  • All in One SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP e-Commerce
  • WPTouch
  • Download Monitor
  • P3 Profiler
  • Give
  • iThemes Exchange
  • Broken-Link-Checker
  • Ninja Forms
  • Aesop Story Engine
  • My Calendar

More plugins may be affected. Please make sure you keep all plugins and your WordPress theme updated.
For more info about the vulnerability, read the article at Sucuri.
