WordPress and popular plugins affected by a serious XSS vulnerability

WordPress and many of its plugins have been affected by a serious vulnerability, leaving a security hole in websites built with WordPress that use any of the thousands of affected plugins, among them several that are very widely used and well known.

Idenet will fix this vulnerability by applying the urgent security release issued by WordPress to all of its clients' WordPress sites as soon as possible. If errors occur during the updates, they will be reviewed over the coming weeks.

During the last week, the security company Sucuri has worked with the WordPress security team to resolve a cross-site scripting (XSS) vulnerability in thousands of plugins and more than a dozen popular WordPress plugins. The vulnerability is due to misuse of the functions add_query_arg() and remove_query_arg().
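An added example, not code from Sucuri, WordPress or Idenet: a heuristic Python audit that flags add_query_arg() and remove_query_arg() calls in plugin source whose result is not passed directly through esc_url() or esc_url_raw(), the WordPress functions for escaping URLs. The PHP fragment in SAMPLE is constructed, and matching on a single line is an assumption, so a call whose result is escaped on a later line is still flagged for manual review.

```python
import re

# The two WordPress functions named above; their return value is not escaped.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress URL escapers: esc_url() for output, esc_url_raw() for redirects/storage.
ESCAPER = re.compile(r"\b(?:esc_url_raw|esc_url)\s*\(")


def wrapped(line, pos):
    """True if an esc_url()/esc_url_raw() call is still open at offset pos."""
    for m in ESCAPER.finditer(line, 0, pos):
        depth = 1
        for ch in line[m.end():pos]:
            depth += (ch == "(") - (ch == ")")
            if depth == 0:  # the escaper closed before our call started
                break
        if depth > 0:
            return True
    return False


def audit(php_source):
    """Return (line number, function) for each call not directly escaped."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines
        for m in CALL.finditer(line):
            if not wrapped(line, m.start()):
                findings.append((lineno, m.group(1)))
    return findings


# Constructed plugin fragment (not taken from any real plugin).
SAMPLE = """<?php
// add_query_arg() in a comment is ignored
echo '<a href="' . add_query_arg( 'tab', 'general' ) . '">General</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'general' ) ) . '">General</a>';
wp_redirect( remove_query_arg( 'updated' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'updated' ) ) );
$next = esc_url( home_url() ) . add_query_arg( 'page', 2 );
"""

if __name__ == "__main__":
    for lineno, name in audit(SAMPLE):
        print(f"line {lineno}: {name}() result is not passed through esc_url()")
```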

The versions affected by this security flaw are those prior to WordPress 4.2, and they are affected by a persistent XSS flaw. With this flaw, it is possible to inject JavaScript code into the comments of a blog or page built with WordPress, gain access to the blog, and execute code both on the server that hosts it and in the blog itself. This makes it possible to change passwords, including the administrator's, create new administrator accounts and take control of the blog, publishing or deleting its content.

The plugins known so far to be affected by the WordPress XSS vulnerability are:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In One SEO
  • Gravity Forms
  • Multiple plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link
  • Ninja Forms

Information from Sucuri on the XSS vulnerability in WordPress
Security release issued by WordPress to fix the vulnerability

If you discover a fault or malfunction on your website, get in touch with us as quickly as possible. All websites hosted by Idenet have incremental backups, which allow us to restore backup copies from up to 14 days back.