---
title: "WordPress Plugin XSS Vulnerability"
description: "Issue: A serious XSS security vulnerability was discovered and disclosed this morning that affects hundreds of WordPress plugins, which in turn affects millions of websites. Status: Anyone who..."
url: https://www.inmotionhosting.com/support/edu/wordpress/wp-xss-plugin-vulnerability/
date: 2015-04-20
modified: 2020-10-13
author: "InMotion Hosting Contributor"
categories: ["WordPress Hosting", "WordPress Tutorials"]
type: post
lang: en
---

# WordPress Plugin XSS Vulnerability

| Issue: | A serious XSS security vulnerability was discovered and disclosed this morning that affects hundreds of WordPress plugins, which in turn affects millions of websites. |
| --- | --- |
| Status: | Anyone who manages or maintains a WordPress site is strongly urged to [update ALL plugins](https://www.inmotionhosting.com/support/edu/wordpress/plugins/update-wordpress-plugin/) immediately. |

## Who is impacted?

People running WordPress websites with the following plugins:

- Jetpack
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- UpdraftPlus
- WP-E-Commerce
- WPTouch
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Give
- Multiple iThemes products including Builder and Exchange
- Broken-Link-Checker
- Ninja Forms

At this time, patches/updates should be released for all the above plugins. If you are running any of these plugins, please [update](https://www.inmotionhosting.com/support/edu/wordpress/plugins/update-wordpress-plugin/) it immediately.
