Recently it was discovered that many WordPress plugins are vulnerable to cross-site scripting exploits because of a mis-use of commonly used WordPress functions. So far a short list of popular plugins have been confirmed as vulnerable:
  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • WP E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • Broken-Link-Checker
  • Ninja Forms
And there are probably many more not listed above due to the popularity of the WordPress functions in question, if you are currently using WordPress we encourage you to update all of your plugins to be on the safe side. If you have a Retainer with us your installations have already been patched upon announcement of these vulnerabilities, if you have any questions or are not covered and need assistance do not hesitate to open a ticket and we can assist in ensuring your website is patched.

Tuesday, April 21, 2015

« Back