skip to Main Content

WP Plugins and Themes Widespread Security Vulnerability

WordPressWordPress.org (self-hosted WordPress) users – there is an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes.

As of 4/26/15, this is the list of affected plugins:

Jetpack
WordPress SEO
Google Analytics by Yoast
All In one SEO
Gravity Forms
Multiple Plugins from Easy Digital Downloads
UpdraftPlus
WP-E-Commerce
WPTouch
Download Monitor
Related Posts for WordPress
My Calendar
P3 Profiler
Give
Multiple iThemes products including Builder and Exchange
Broken-Link-Checker
Ninja Forms

WordPress updates are a must!
The best way to combat this is to make sure your WordPress, themes, and plugins are kept up-to-date at all times. Check for updates and apply those available as soon as possible.

Back To Top