Try for Free
  1. SEJ
  2.  » 
  3. Web Development

Multiple WordPress Plugins Vulnerable to Security Flaw, Immediate Update Recommended

Multiple WordPress Plugins Vulnerable to Security Flaw, Immediate Update Recommended

WordPress Security watchdogs, Sucuri have issued a warning that multiple WordPress plugins are vulnerable to a security flaw:

“Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.”

Apparently, the problem was that the official WordPress Official Documentation for these functions was not very clear, which led to many plugin developers using them in an insecure way.

To date, this is the list of affected plugins:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms
Continue Reading Below

If you use any of the above plugins, it’s recommended that you update them immediately.

This vulnerability was initially discovered last week, which has allowed for time for the flaws to be patched. Sucuri reports that all plugins have been patched, and as of this morning updates should be available to all users.

Sucuri cautions that additional plugins beyond what’s listed above may be vulnerable to the same security flaw, and have just not been detected yet. With that in mind, it’s best to keep all of your plugins updated just to be safe.


Subscribe to SEJ

Get our daily newsletter from SEJ's Founder Loren Baker about the latest news in the industry!

Topic(s) of Interest*
By clicking the "SUBSCRIBE" button, I agree and accept the privacy policy of Search Engine Journal.

Matt Southern

Lead News Writer at Search Engine Journal

Matt Southern has been the lead news writer at Search Engine Journal since 2013. With a degree in communications, Matt ... [Read full bio]

Read the Next Article
Read the Next