More WordPress plugin security updates were released today. The list of plugins includes some of the most popular plugins available. The vulnerability was discovered a short while ago and corrected in the versions released today. If you are using any of the plugins listed below, please update them immediately.
NOTE: If you are in my Website Management Program, the updates have already been done.
If you are doing your own updates, check your WordPress dashboard. If you have any of these plugins and they are in need of updating, you will see a red circle with a number inside it next to the Plugins link in your dashboard.
Which Plugins Are Affected?
The following plugins are known to be affected. Be aware that there may be many others as the functions involved are used by many, many plugins and themes:
- Jetpack
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- UpdraftPlus
- WP-E-Commerce
- WPTouch
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Give
- Multiple iThemes products including Builder and Exchange – Exchange is the primary plugin affected along with many of its add-ons. Three Builder themes and the Builder Style Manager plugin are also affected.
- Broken-Link-Checker
- Ninja Forms
What Do I Need To Do?
It’s simple. If your themes or plugins need updating, update them ASAP. The WordPress development community reacts to these situations as quickly as humanly possible. Their efforts make sure the latest versions of their products are as safe as they can be. It’s up to you to make updates when they are available.
If you’re interested in reading the full technical explanation of the vulnerability, visit the following link:
Security Advisory: XSS Vulnerability
The bad guys don’t rest. As always, be careful out there!
Laptop image courtesy of Stuart Miles on FreeDigitalPhotos.net
