Monday 27 April 2015

WordPress XSS Vulnerability

A vulnerability has recently been found which affects a huge number of WordPress plugins and themes. In simple terms, it allows malicious code to be executed on any site using a theme or plugin which contains the vulnerability.

For those using my QlikView for WordPress plugin, the good news is that it isn't affected by this XSS vulnerability, so you don't need to worry. However, many of the most commonly used plugins have been found to contain the vulnerability, including:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In One SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

Whether or not you use any of the above plugins on your WordPress-powered site, I strongly recommend that you check regularly for updates to the themes and plugins that you do use, and install any updates as soon as they become available.
