03 May

Widespread WordPress Vulnerability


This is a general announcement to bring the attention of all WordPress users to a cross-site scripting (XSS) vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes. Anyone using a WordPress website, regardless of where the theme or plugin was sourced, needs to be aware of this and take immediate action to ensure it is secure.

Please note that this has nothing to do with our hosting in any way. In fact, it has nothing to do with hosting from any company. The vulnerability is with WordPress, WordPress themes, and WordPress plugins.

What should I do?

There is no easy way of knowing exactly which plugins or themes are affected, so our best advice is to periodically check for updates to any WordPress themes or plugins you are using and apply any that are available as soon as possible.

For updates to items obtained from other sources, please check the Plugins and Themes pages in the WordPress Admin area or contact the source of the product.

We strongly recommend continuing to check for updates, especially over the next few weeks, but also on an ongoing basis. It is important to always keep your WordPress installation and associated plugins and themes up to date. If you still have concerns, we suggest engaging an experienced WordPress developer to check whether your site is affected.

More details are available via the following links:

https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
http://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins
https://poststatus.com/coordinated-plugin-updates-to-address-security-vulnerability-in-many-popular-wordpress-plugins/
