Go update all your wordpress sites! - XSS Vulnerability

4 replies
Discovered April 20th, affecting pretty much every popular plugin we all use.
Don't panic, just go update all your plugins to the latest version, as well as WP if it is not up to date.

Read more here: https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html

Also keep a careful eye out for updates over the next few weeks, as many plugin developers are just rolling out and will continue to roll out updates.

This is just a short list of plugins that can be exploited:


Jetpack
WordPress SEO
Google Analytics by Yoast
All In one SEO
Gravity Forms
Multiple Plugins from Easy Digital Downloads
UpdraftPlus
WP-E-Commerce
WPTouch
Download Monitor
Related Posts for WordPress
My Calendar
P3 Profiler
Give
Multiple iThemes products including Builder and Exchange
Broken-Link-Checker
Ninja Forms


  • Freebiequeen1999
    Thanks for the heads up... I felt something would come around April 21... and updated everything as I go...

    Thanks
    • savidge4
      The REAL question is WHICH update? WordPress has released, what, 3 updates in the last week, and a newer version is already on deck... As for the plugins, I checked the short list and none of them have a new update released yet. There is going to be mayhem in the WordPress support community coming soon LOL
      Signature
      Success is an ACT not an idea
  • Raj4x
    Just keep updating the new versions/builds as they're released. That's the best way to safeguard your site IMO, savidge4.
    • savidge4
      Originally Posted by Raj4x:

      Just keep updating the new versions/builds as they're released. That's the best way to safeguard your site IMO, savidge4.
      As much as I get it... I'm a developer. I have a forum that actually assists people when they are having issues with WordPress. What tends to happen in the madness of a security update is that WordPress itself will update first. In many cases (appears not to be in this case) there will be some compatibility issues with non-updated plugins.

      It will often take an update or 2 on the plugin side to get things just right... because WordPress (as in this case) will release updates above and beyond the initial update.

      I get the same e-mails that all of the other developers get. I have a few published plugins. I think as of this morning there are a total of 6 core changes across what appears to be 4 in-place updates and another coming. (The numbers may be wrong with this... My plugins are minor in the use of hooks in general, so I don't pay all that much attention to all the hubbub of what goes on.)

      I will tell you that I was developing a pretty robust plug-in right before release 3.0, and that one in particular... geez, there were some pretty radical changes with core (as in dropped hooks) and my project got scrapped... Many are still in the plugin directory that have not been updated since then. (There will be a warning message that it has not been updated.)

      So all of this leads to what I personally do with updates like this... well, I don't do anything. I WAIT for the plugins to have updates first before going in and making updates to WordPress.

      If the idea is "Uptime" for a site, and you go down because of a plugin's incompatibility and all of a sudden you are waiting for them to get through the process... well, that means in many cases lost revenue. It's just not a good thing.

      In this case it is an XSS threat. In case anyone is wondering exactly what that is, here is a decently technical article written in plain English for the most part! lol What is Cross Site Scripting and How Can You Fix it?
      Signature
      Success is an ACT not an idea
