Important XSS Vulnerability Affecting Multiple WordPress Plugins

  1. #1
    Nick (Support Guru), join date Jul 2014

    XSS Vulnerability Affecting Multiple WordPress Plugins

    Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

    The official WordPress documentation (Codex) for these functions was not very clear and misled many plugin developers into using them in an insecure way. The developers assumed that these functions would escape the user input for them, when they do not. This simple detail caused many of the most popular plugins to be vulnerable to XSS.

    To date, this is the list of affected plugins:

    • Jetpack
    • WordPress SEO
    • Google Analytics by Yoast
    • All In one SEO
    • Gravity Forms
    • Multiple Plugins from Easy Digital Downloads
    • UpdraftPlus
    • WP-E-Commerce
    • WPTouch
    • Download Monitor
    • Related Posts for WordPress
    • My Calendar
    • P3 Profiler
    • Give
    • Multiple iThemes products including Builder and Exchange
    • Broken-Link-Checker
    • Ninja Forms

    This is just a heads-up; you may read more info here: Sucuri

    We highly recommend that you go to your wp-admin dashboard and update any out of date plugins now.

    Linux Powers 99% of the world wide browsers!

    The opinions or views expressed above are not necessarily the opinions or views of GoZEN Host LLC
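
A way to triage your own plugin or theme code for the pattern described in the post above, added here as an example and not part of the original thread or of any plugin's code. It assumes the usual WordPress fix of wrapping the result in `esc_url()` (HTML output) or `esc_url_raw()` (redirects), which the post does not name; the sample PHP lines are constructed, and the line-based matching is a heuristic for review, not a parser.

```python
import re

# The two functions the post names; neither escapes its return value.
QUERY_ARG_CALL = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
# Assumed fix: WordPress URL escapers wrapped around the call.
ESCAPER_CALL = re.compile(r"\b(?:esc_url_raw|esc_url)\s*\(")


def _matching_paren(text, open_idx):
    """Index of the ')' that closes the '(' at open_idx (len(text) if unclosed)."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == "(":
            depth += 1
        elif text[i] == ")":
            depth -= 1
            if depth == 0:
                return i
    return len(text)


def find_unescaped_query_arg(php_source):
    """Return (line_no, line) for lines calling *_query_arg() outside an escaper.

    Heuristic: works line by line and ignores parentheses inside string
    literals, so a value escaped on a later line is still reported for review.
    """
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        escaped = [(m.end() - 1, _matching_paren(line, m.end() - 1))
                   for m in ESCAPER_CALL.finditer(line)]
        for call in QUERY_ARG_CALL.finditer(line):
            if not any(lo < call.start() < hi for lo, hi in escaped):
                findings.append((line_no, line.strip()))
                break
    return findings


# Constructed sample: unescaped uses next to their hardened forms.
SAMPLE_PLUGIN = """<?php
echo '<a href="' . add_query_arg( 'paged', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'paged', 2 ) ) . '">Next</a>';
wp_redirect( remove_query_arg( 'msg' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
$label = esc_html( $title ); echo add_query_arg( 'tab', 'x' );
"""

if __name__ == "__main__":
    for line_no, line in find_unescaped_query_arg(SAMPLE_PLUGIN):
        print(f"line {line_no}: {line}")
```
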

  2. #2
    GOZEN (Put some ZEN in your site), join date Apr 2012

    Re: XSS Vulnerability Affecting Multiple WordPress Plugins

    We urge our clients to update asap as this is a huge issue.

    And please remember: always create a backup before any major updates!
    Also, for webmasters who haven't disabled the auto-update function, the update is already installed; you just need to make sure that your plugins are also updated!
    Customer Satisfaction is our main goal !!!
    Our Support team is always there for you 24/7/365
    Support Request
    GoZen Host
