WordPress Plugin XSS Vulnerability

Posted on April 20, 2015 by

Date: April 20, 2015           36 Seconds to Read

Issue: A serious XSS security vulnerability was discovered and disclosed this morning that affects hundreds of WordPress plugins, which in turn affects millions of websites.
Status: Anyone who manages or maintains a WordPress site is strongly urged to update ALL plugins immediately.

Who is impacted?

People running WordPress websites with the following plugins:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

At this time, patches/updates should be released for all the above plugins. If you are running any of these plugins, please update it immediately.

Was this article helpful? Let us know!

Need More Help?

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com

Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!