Major WordPress Plugins Making Websites Vulnerable


Vulnerable WordPress Plugins
Are you using WordPress to run one of your websites? If so, read on. According to a recent warning from a security company, a number of WordPress plugins share a security flaw that could compromise your website and leave it open to malicious attacks. These are some of the major plugins that you are likely to have installed on your websites. If so, then immediate action is required!
The warning was issued by WordPress security watchdog Sucuri. According to them, this is a major security flaw shared by many WordPress plugins, some of which are quite popular. They describe it as follows:
“Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.”
Apparently, the problem was that the official WordPress documentation for these functions was not very clear, which led many plugin developers to use them in an insecure way.
To date, this is the list of affected plugins:
  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms
As you can see, some of these plugins are very popular and used by millions of websites. If you use any of the above plugins, it’s recommended that you update them immediately.

This vulnerability was initially discovered last week, which has allowed time for the flaws to be patched. Sucuri reports that all plugins have been patched, and as of this morning updates should be available to all users.

As an additional caution, plugins beyond what’s listed above may be vulnerable to the same security flaw, and have just not been detected yet. With that in mind, it’s best to keep all of your plugins updated just in case.
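For plugins that are not on the list, the following added example (not from Sucuri or from this post's author) is a small Python triage script that flags add_query_arg() and remove_query_arg() calls whose return value, which WordPress does not escape, is not passed through esc_url() or esc_url_raw(). The sample PHP, the allow-list of escaping functions and the audit() helper are assumptions made for this illustration, and a "review" verdict means a human should read the code, not that it is exploitable.

```python
import re

# The two functions named in the advisory; each returns an unescaped URL string.
CALL = re.compile(r'\b(add_query_arg|remove_query_arg)\s*\(')
# WordPress URL escapers treated as safe wrappers (allow-list assumed for this example;
# esc_url() is for HTML output, esc_url_raw() for redirects and storage).
ESCAPERS = r'(?:esc_url_raw|esc_url)'
WRAPPED = re.compile(r'\b' + ESCAPERS + r'\s*\(\s*$')
ASSIGNED = re.compile(r'(\$\w+)\s*=\s*$')

# Constructed plugin code for this example, not taken from any real plugin.
SAMPLE = r'''<?php
// Pagination and settings links.
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
$back = remove_query_arg( 'updated' );
echo '<a href="' . esc_url( $back ) . '">Back</a>';
$sort = add_query_arg( 'orderby', 'date' );
echo '<form action="' . $sort . '">';
wp_safe_redirect( esc_url_raw( add_query_arg( 'done', 1, admin_url( 'admin.php' ) ) ) );
'''


def audit(php_source):
    """Return (line_no, function, verdict) for each call found in php_source."""
    findings = []
    for m in CALL.finditer(php_source):
        before, after = php_source[:m.start()], php_source[m.end():]
        line_no = before.count('\n') + 1
        verdict = 'review'
        if WRAPPED.search(before):
            verdict = 'escaped'          # esc_url( add_query_arg( ... ) )
        else:
            var = ASSIGNED.search(before)
            if var:
                name = re.escape(var.group(1))
                # Each later use of the variable: captured text is empty if not wrapped.
                uses = re.findall('(' + ESCAPERS + r'\s*\(\s*)?' + name + r'\b', after)
                if uses and all(uses):
                    verdict = 'escaped'  # every later use of the variable is wrapped
        findings.append((line_no, m.group(1), verdict))
    return findings


if __name__ == '__main__':
    for line_no, func, verdict in audit(SAMPLE):
        print(f'line {line_no}: {func}() -> {verdict}')
```

The check is a text heuristic, so it does not follow values across functions or files; treat its output as a reading list for manual review.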

Stay safe :)


3 comments

  1. Hey there! I have updated my plugins to their latest versions and I hope that the developers keep this tip top clean. Thanks for the post; it is useful for me and many more.

  2. Thanks Mustafa Bhai, after reading this article I am going to update my All SEO plugin.

  3. Hello Qasim,

    Thanks for the write-up!

    I do take good care of the plugins in the form of having them updated as soon as I see an update is available for any plugins I have installed.

    This truly is a tragedy that those functions led to some serious disaster and I am glad they are provided with their security patches (for those which I use).

    Thanks once again, happy to share it on my social media accounts!

    ~ Adeel
