Update time: serious vulnerabilities in widely used WordPress plugins

Many commonly used WordPress plugins are vulnerable to Cross-site Scripting (XSS), which allows hackers to attack your website. It is estimated that more than 400 plugins are vulnerable! This is why it is important to inform webmasters about what they can do to stay up to date.

The following are among the widely used plugins that are affected:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All in One SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

Chances are that you are already using one or more of these plugins, since they appear in WordPress’s top lists. Protecting yourself is quite simple: log in to your WordPress admin (often at http://yourblog.be/wp-admin) and update all your plugins. If you use WordPress version 3.9 or higher, chances are that the plugins have already been updated automatically.

You should do this on a regular basis anyway, but we advise you to do it ASAP. It is likely that not all plugins can be updated right away, so in the coming weeks you should check every day whether new updates are available.

 

Need a solution? Read more:

https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html