Update your Wordpress : XSS Vuln affecting multiple plugins and themes
From a local forum about web hosting in Indonesia, one of the Community Guide make a post that asked us to update our WordPress installation, which included Plugins and Themes.
The main problem of Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.
This is some of the affected Plugins :
Jetpack WordPress SEO Google Analytics by Yoast All In one SEO Gravity Forms Multiple Plugins from Easy Digital Downloads UpdraftPlus WP-E-Commerce WPTouch Download Monitor Related Posts for WordPress My Calendar P3 Profiler Give Multiple iThemes products including Builder and Exchange Broken-Link-Checker Ninja Forms
Some article explanation can be read from :
- https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
- http://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins
- https://poststatus.com/coordinated-plugin-updates-to-address-security-vulnerability-in-many-popular-wordpress-plugins/
Member discussion