XSS Vulnerability Found in Famous WordPress Plugins

April 21st, 2015, by Waqas, in Security

Researchers have identified a relatively “common” cross-site scripting (XSS) flaw in some famous WordPress plugins. A coordinated plugin update has been released to address the detected vulnerability.

If you are using any of the WordPress plugins mentioned below, you must install the update released today to eliminate the “common” cross-site scripting vulnerability.

Here is a list of famous WordPress plugins vulnerable to the cross-site scripting flaw:

* Jetpack

* WordPress SEO

* Google Analytics by Yoast

* All In one SEO

* Gravity Forms

* Multiple Plugins from Easy Digital Downloads

* UpdraftPlus

* WP-E-Commerce

* WPTouch

* Download Monitor

* Related Posts for WordPress

* My Calendar

* P3 Profile

* Give

* Multiple iThemes products including Builder and Exchange

* Broken-Link-Checker

* Ninja Forms

These are some of the main plugins, but there may be other plugins that are currently vulnerable to the identified cross-site scripting vulnerability. Therefore, if you use WordPress, it is important to ensure that the latest version of every plugin is being run. If you are unsure about any of your WordPress plugins, contact the plugin's developer.

Why do you need to update all WordPress plugins?

The same problem exists in all of these WordPress plugins: a lack of escaping was observed where the add_query_arg() and remove_query_arg() functions were used.

These functions are quite commonly used by WordPress developers for modifying or adding query strings in URLs.

The problem occurred because the Codex documentation of the two functions wasn’t written well. Moreover, the examples used in the Codex didn’t display suitable escaping use cases.
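A source audit for the pattern described above, as an added example that is not from the article or from any of the listed plugins: it flags every add_query_arg() / remove_query_arg() call that is not directly wrapped in WordPress's esc_url() or esc_url_raw(). The sample PHP is constructed, and treating only those two functions as acceptable wrappers is an assumption of this sketch.

```python
import re

# The two functions named in the article.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# Assumption: only WordPress's URL escapers count as safe wrappers.
ESCAPERS = {"esc_url", "esc_url_raw"}

# Constructed sample plugin code, not taken from any real plugin.
SAMPLE_PHP = r"""<?php
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
wp_redirect( remove_query_arg( 'msg' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
$url = add_query_arg( array( 'page' => 2 ), $base );
"""

def enclosing_calls(src, pos):
    """Names of the calls whose parentheses enclose offset pos.

    Walks backwards to the start of the statement. Heuristic: it does not
    parse PHP strings, so parentheses inside string literals can mislead it.
    """
    names, depth, i = [], 0, pos - 1
    while i >= 0 and src[i] not in ";{}":
        if src[i] == ")":
            depth += 1                    # a sibling group that is already closed
        elif src[i] == "(":
            if depth:
                depth -= 1
            else:                         # an open paren that encloses pos
                m = re.search(r"([A-Za-z_]\w*)\s*$", src[:i])
                names.append(m.group(1) if m else "")
        i -= 1
    return names

def find_unescaped(src):
    """Return (line, function) for each call not wrapped in an escaper."""
    findings = []
    for m in CALL.finditer(src):
        if not ESCAPERS & set(enclosing_calls(src, m.start())):
            line = src.count("\n", 0, m.start()) + 1
            findings.append((line, m.group(1)))
    return findings

if __name__ == "__main__":
    for line, func in find_unescaped(SAMPLE_PHP):
        print(f"line {line}: {func}() result is not escaped at the call site")
```

A call whose result is stored in a variable (line 6 of the sample) is reported because the escaping, if any, happens elsewhere; treat such findings as items for manual review.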

Secure WordPress: Update the Plugins

We suggest that you update all the plugins that are currently installed on your WordPress by logging in to your WordPress dashboard via an administrator account.

These tips and tricks might help you secure your WordPress:

a. Always keep WordPress updated, because the latest versions (whether of a plugin, a theme or WordPress itself) are more secure and stable.

b. Monitor WordPress activity, because logs aren’t only there for consuming hard disk space. Use logs wisely by installing the WP Security Audit Log plugin. It will monitor every activity happening on your WordPress. It will also analyze the logs at regular intervals to ensure legit activity.

c. Follow the rule of restricting access: applying least privilege limits what a plugin, user or theme can do. Never give any component more privileges than it requires.

d. Install wisely, and only what you need. This means installing only those plugins that you need. Also, always delete themes, third-party components and plugins that are not in use.

e. Subscribing to WordPress Security Bloggers also helps because you always get the latest news about WP security. WP Bloggers is basically a newsfeed that features the highly popular WP security websites and sources that report WP security issues.
