I just received an email from Envato regarding an XSS security vulnerability affecting multiple WordPress plugins and themes!
These are some of the plugins currently affected:
“The official WordPress Official Documentation (Codex) for these functions was not very clear and misled many plugin developers to use them in an insecure way. The developers assumed that these functions would escape the user input for them, when it does not. This simple detail caused many of the most popular plugins to be vulnerable to XSS.
To date, this is the list of affected plugins:
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- WP-E-Commerce
- WPTouch
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Broken-Link-Checker
- Ninja Forms”
Source: https://blog.sucuri.net/
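As an added illustration of the pattern the advisory describes (this is not code from the post, Envato or Sucuri): a URL-building helper that hands back request-derived text unescaped, echoed once insecurely and once with escaping at the point of output. The helper is a stand-in, the real WordPress function at issue is assumed to be add_query_arg(), which the excerpt above does not name, and PHP's htmlspecialchars() stands in for WordPress's esc_url() so the example runs without WordPress.

```php
<?php
// Stand-in for the kind of helper the advisory describes: it appends query
// arguments to the *current request URI* and returns the result without
// escaping anything. The path portion is passed through untouched, which is
// exactly what a caller must not trust. (Assumed to model add_query_arg().)
function build_url(array $args, string $request_uri): string {
    $url = $request_uri;
    foreach ($args as $key => $value) {
        $separator = (strpos($url, '?') === false) ? '?' : '&';
        $url .= $separator . rawurlencode($key) . '=' . rawurlencode((string) $value);
    }
    return $url;
}

// Vulnerable pattern: the return value goes straight into an HTML attribute
// on the assumption that the helper already escaped it.
function render_link_insecure(string $request_uri): string {
    $url = build_url(['paged' => 2], $request_uri);
    return '<a href="' . $url . '">Next</a>';
}

// Hardened pattern: escape at the point of output. In a plugin this would be
// esc_url(); htmlspecialchars() with ENT_QUOTES is used here as a stand-in.
function render_link_safe(string $request_uri): string {
    $url = build_url(['paged' => 2], $request_uri);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Next</a>';
}

// Returns true when the rendered anchor still has exactly one href attribute
// and no stray attribute introduced from the request URI.
function href_intact(string $html): bool {
    return substr_count($html, 'href="') === 1
        && strpos($html, 'data-x=') === false;
}

// Constructed request URI whose path carries a double quote; the helper echoes
// whatever the server hands it, so the quote ends up in the markup.
$tainted = '/wp-admin/tools.php/"data-x="injected?page=demo';

// The insecure rendering lets the quote close href early, so the text that
// followed it in the URI is now parsed as a second attribute.
var_dump(href_intact(render_link_insecure($tainted))); // false

// The escaped rendering keeps the whole URL inside the attribute.
var_dump(href_intact(render_link_safe($tainted)));     // true
```

The check function stands for the kind of assertion a plugin's test suite can run over every place the helper's output is echoed; any location where it returns false still needs escaping added at output time.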
The best thing to do now is head on to your admin panel and update all of your plugins and themes to ensure that you don’t get affected by this!
More details are available via the following links (source: Envato):
- https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
- http://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins
- https://poststatus.com/coordinated-plugin-updates-to-address-security-vulnerability-in-many-popular-wordpress-plugins/