Announcement Announcement Module
Collapse
No announcement yet.
Wordpress has 2 critical alerts Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Wordpress has 2 critical alerts

    WordPress currently has 2 critical alerts:

    1. The "comments" functionality within WordPress is vulnerable. WordPress have released version 4.2.1 to fix this - please upgrade asap: https://wordpress.org/news/2015/04/wordpress-4-2-1/.

    2. Multiple WordPress plugins and themes are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

    Affected plugins include but are not limited to: Jetpack, WordPress SEO, Google Analytics by Yoast, All In one SEO, Gravity Forms, Multiple Plugins from Easy Digital Downloads, UpdraftPlus, WP-E-Commerce, WPTouch, Download Monitor, Related Posts for WordPress, My Calendar, P3 Profiler, Give, Multiple iThemes products including Builder and Exchange, Broken-Link-Checker, Ninja Forms. As well as popular themes purchased from ThemeForest, CodeCanyon and other WordPress theme suppliers.

    As the vulnerability applies to several plugins & themes, please ensure to keep each plugin and theme updated. We also recommend the WordPress plugin "WordFence" to secure your site.

    Most servers have mod_security to safeguard against XSS exploits but as each plugin might be vulnerable in slightly different ways it is not likely to be a full protection so updating WordPress and plugins will remain essential.
Working...
X