The documentation presented in the official WordPress Codex for the functions of add_query_arg() and remove_query_arg() led to the insecure usage of these functions. As a result, many WordPress plugins that used these functions are vulnerable to cross-site scripting (XSS). The vulnerability affects input functions in a plugin and must therefore be updated as soon as possible.
These are the affected plugins to date:
Jetpack |
WordPress SEO |
Google Analytics by Yoast |
All In one SEO |
Gravity Forms |
Multiple Plugins from Easy Digital Downloads |
UpdraftPlus |
WP-E-Commerce |
WPTouch |
Download Monitor |
Related Posts for WordPress |
My Calendar |
P3 Profiler |
Give |
Multiple iThemes products including Builder and Exchange |
Broken-Link-Checker |
Ninja Forms |
There may be more plugins affected by the vulnerability. ALL users of WordPress are highly recommended to update their plugins immediately. Plugins can easily be updated through the WordPress Administrator.
Email: | support@WebHostingHub.com | Ticket: | Submit a Support Ticket |
---|---|---|---|
Call: | 757-416-6627 | Chat: | Click To Chat Now |
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!