Dear Customers,

Major security vulnerability in more than 400 WordPress plugins. You are being advised to update your plugins/themes right now.

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

To date, this is the list of affected plugins:
  • Jetpack
  • WordPress SEOGoogle Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms
If you need any help please open a ticket and we will be glad to help.


Tuesday, April 21, 2015

« Back