The Sucuri Security Blog has issued a major alert. WordPress users running many of the most popular plugins are at risk: these plugins are vulnerable to Cross-site Scripting (XSS) due to misuse of the add_query_arg() and remove_query_arg() functions.
We advise all WordPress users to take note of this and take the necessary measures, or update their plugins to the latest version. Since this is a random attack and there is no clear evidence of which plugins and themes are affected, we advise all users to upgrade each theme or plugin as soon as an update is available.
Here are some of the popular plugins that might be affected and need to be immediately updated.
- Jetpack
- WordPress SEO
- Google Analytics
- All in One SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- UpdraftPlus
- WP e-Commerce
- WPTouch
- Download Monitor
- P3 Profiler
- Give
- iThemes Exchange
- Broken-Link-Checker
- Ninja Forms
- Aesop Story Engine
- My Calendar
Hundreds of other plugins might also be affected, and Sucuri is working to identify them. For updates and support on WordPress development, contact us at Platina IT Technologies.
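Because the full list of affected plugins is unknown, site owners can review their own installed plugin and theme code for the pattern behind this alert. The following is an added example, not code from Sucuri or from any plugin named above: a heuristic Python audit that reports add_query_arg() and remove_query_arg() calls not nested inside esc_url() or esc_url_raw(), the escaping WordPress documents for these functions' output. The function name find_unescaped_calls and the PHP sample are constructed for illustration, and reported lines are candidates for manual review, not confirmed vulnerabilities.

```python
import re

RISKY = {"add_query_arg", "remove_query_arg"}
ESCAPERS = {"esc_url", "esc_url_raw"}
# A call opening ("name("), a closing parenthesis, or a statement end.
TOKEN = re.compile(r"([A-Za-z_]\w*)?\s*\(|\)|;")

# Constructed sample, not taken from any real plugin.
SAMPLE = '''<?php
// settings page links
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
$next = remove_query_arg( 'paged' );
wp_redirect( esc_url_raw( remove_query_arg( 'paged' ) ) );
'''


def find_unescaped_calls(php_source):
    """Return (line, function) for each risky call not nested in an escaper.

    Heuristic: tracks open calls only, not data flow, so a value escaped
    later through a variable is still reported and needs manual review.
    """
    findings = []
    stack = []  # names of the calls that are currently open
    for m in TOKEN.finditer(php_source):
        tok = m.group(0)
        if tok == ";":
            stack.clear()  # statement ended: forget any unbalanced state
        elif tok == ")":
            if stack:
                stack.pop()
        else:
            name = m.group(1) or ""
            if name in RISKY and not ESCAPERS.intersection(stack):
                line = php_source.count("\n", 0, m.start()) + 1
                findings.append((line, name))
            stack.append(name)
    return findings


if __name__ == "__main__":
    for line, name in find_unescaped_calls(SAMPLE):
        print(f"line {line}: {name}() output is not wrapped in esc_url()")
```

To audit a site, read each .php file under wp-content/plugins and wp-content/themes and pass its contents to find_unescaped_calls().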