A new version of the WordPress plugin has been released. A recent hack was found in older versions of
this plugin which allows an attacker to perform Cross-site Scripting (XSS) with
no authentication required. XSS Vulnerability Affecting Multiple WordPress Plugins.
Over the next 48
hours we will be making every attempt to upgrade any plugins to
the most recent version . We strongly encourage you to check your plugin
version to make sure it is on the newest version. We also recommend you update
your WordPress installation(s), plugins, and themes to the most current
versions to prevent any additional vulnerabilities.
To update your WordPress and/or plugins and themes you can follow the steps below:
To update your WordPress and/or plugins and themes you can follow the steps below:
- Log in to your WordPress admin control panel and click on Dashboard (located on the left panel).
- Click on Updates and you will be presented with a list of items that need to be updated.
- To update the item select the item and then click on the appropriate Update button.
To date, this is the list of affected plugins:
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- UpdraftPlus
- WP-E-Commerce
- WPTouch
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Give
- Jetpack
- Multiple iThemes products including Builder and Exchange
- Broken-Link-Checker
- Ninja Forms
No comments:
Post a Comment
Note: only a member of this blog may post a comment.