Wednesday, 18 November 2015
Major WordPress Plugins Making Websites Vulnerable

Are you using WordPress to run one of your websites? If yes, then you need to read on.

According to the latest warning from a security company, a number of WordPress plugins are vulnerable to a security flaw that could compromise your website and leave it open to malicious attacks. These include some of the major plugins that you are likely to have installed on your websites. If so, then immediate action is required!

The warning was issued by the WordPress security watchdogs at Sucuri. According to them, this is a major security flaw that is shared by many WordPress plugins, some of which are quite popular. In their words:

“Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.”

Apparently, the problem was that the official WordPress documentation for these functions was not very clear, which led many plugin developers to use them in an insecure way.

To date, this is the list of affected plugins:
Jetpack
WordPress SEO
Google Analytics by Yoast
All In one SEO
Gravity Forms
Multiple Plugins from Easy Digital Downloads
UpdraftPlus
WP-E-Commerce
WPTouch
Download Monitor
Related Posts for WordPress
My Calendar
P3 Profiler
Give
Multiple iThemes products including Builder and Exchange
Broken-Link-Checker
Ninja Forms

As you can see, some of these plugins are very popular and used by millions of websites. If you use any of the above plugins, it’s recommended that you update them immediately.

This vulnerability was initially discovered last week, which has allowed time for the flaws to be patched. Sucuri reports that all plugins have been patched, and as of this morning updates should be available to all users.

As an additional caution, plugins beyond those listed above may be vulnerable to the same security flaw and simply have not been detected yet. With that in mind, it’s best to keep all of your plugins updated just in case.
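
For auditing plugins beyond the list above, here is an added example (not from the original post or from Sucuri): a heuristic Python scan that flags add_query_arg() and remove_query_arg() calls not wrapped in WordPress's esc_url() or esc_url_raw(), since these functions return an unescaped URL. The sample PHP is constructed, and every hit, including a result stored in a variable and escaped later, is only a candidate for manual review.

```python
import re
import sys
from pathlib import Path

# WordPress helpers that escape a URL before it is output or redirected to.
ESCAPERS = {"esc_url", "esc_url_raw"}
RISKY = {"add_query_arg", "remove_query_arg"}
CALL = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)\s*\($")

def find_unescaped_calls(php_source):
    """Return (line, function) for each risky call that is not lexically
    nested inside an escaping call. Heuristic: strings and comments that
    contain parentheses are not parsed."""
    findings = []
    stack = []  # names of the calls whose parentheses are currently open
    line = 1
    for i, ch in enumerate(php_source):
        if ch == "\n":
            line += 1
        elif ch == "(":
            m = CALL.search(php_source[max(0, i - 64):i + 1])
            name = m.group(1) if m else ""
            if name in RISKY and not ESCAPERS & set(stack):
                findings.append((line, name))
            stack.append(name)
        elif ch == ")" and stack:
            stack.pop()
        elif ch == ";":
            stack.clear()  # statement boundary: resynchronise
    return findings

def scan_tree(root):
    """Scan every .php file under root, e.g. a wp-content/plugins directory."""
    results = {}
    for path in Path(root).rglob("*.php"):
        hits = find_unescaped_calls(path.read_text(errors="replace"))
        if hits:
            results[str(path)] = hits
    return results

# Constructed sample: lines 3 and 5 are unescaped, lines 4 and 6 are escaped.
SAMPLE = """<?php
// constructed sample
echo '<a href="' . add_query_arg( 'paged', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'paged', 2 ) ) . '">Next</a>';
$url = remove_query_arg( array( 'msg' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'msg', $url ) ) );
"""

if __name__ == "__main__":
    print(scan_tree(sys.argv[1]) if len(sys.argv) > 1 else find_unescaped_calls(SAMPLE))
```
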
Stay safe :)