XSS vulnerability affects a lot of popular WordPress plugins - Colibri Interactive

XSS vulnerability affects a lot of popular WordPress plugins

For the past week, security firm Sucuri has worked with the WordPress core security team to address a cross site scripting vulnerability discovered in more than a dozen popular WordPress plugins. The vulnerability stems from the improper use of the add_query_arg() and remove_query_arg() functions. Inaccurate information within the WordPress Codex lead many developers to assume these functions would properly escape user input.

The following plugins are affected and should be updated immediately:

  • Jetpack
  • WordPress SEO
  • Google Analytics
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP e-Commerce
  • WPTouch
  • Download Monitor
  • P3 Profiler
  • Give
  • iThemes Exchange
  • Broken-Link-Checker
  • Ninja Forms
  • Aesop Story Engine
  • My Calendar

Maybe more plugins are affected. Please make sure you keep all plugins and you WordPress theme updated.
For more info about the vulnerability read the article at Sucuri.

This website uses cookies to optimize the user experience. Please click on Accept to allow this or select the settings icon to allow only certain cookies.

Cookie settings

Below you can choose which kind of cookies you allow on this website. Click on the "Save cookie settings" button to apply your choice.

FunctionalOur website uses functional cookies. These cookies are necessary to let our website work.

AnalyticalOur website uses analytical cookies to make it possible to analyze our website and optimize for the purpose of a.o. the usability.

Social mediaOur website places social media cookies to show you 3rd party content like YouTube and FaceBook. These cookies may track your personal data.

AdvertisingOur website places advertising cookies to show you 3rd party advertisements based on your interests. These cookies may track your personal data.

OtherOur website places 3rd party cookies from other 3rd party services which aren't Analytical, Social media or Advertising.