Critical security issues in WordPress plugins
This week it was discovered that an error in the WordPress developer documentation meant that a cross site scripting flaw was discovered that potentially affected a significant number of WordPress plugins including:
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
This is a fairly significant issue. The recommendation is to immediately update all of your plugins and the WordPress core to protect your site.
There has also been an important update to the WordPress core (in fact there have been two this week prior to the 4.2 release) which are fixing security vulnerabilities. WordPress pushed these out as automatic updates to protect sites as quickly as possible but some sites with this feature turned off may still be vulnerable and should be patched immediately.
If you need help with updates or are interested in maintenance packages to cover this type of eventuality then please contact us.