WordPress Plugin XSS Vulnerability

Updated on October 13, 2020 by John-Paul Briones

36 Seconds to Read

Issue: A serious XSS security vulnerability was discovered and disclosed this morning that affects hundreds of WordPress plugins, which in turn affects millions of websites.
Status: Anyone who manages or maintains a WordPress site is strongly urged to update ALL plugins immediately.

Who is impacted?

People running WordPress websites with the following plugins:

  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

At this time, patches/updates should be released for all the above plugins. If you are running any of these plugins, please update it immediately.

JB
John-Paul Briones Content Writer II

John-Paul is an Electronics Engineer that spent most of his career in IT. He has been a Technical Writer for InMotion since 2013.

More Articles by John-Paul

Was this article helpful? Let us know!

WORDPRESS EDU

Download the Free Small Business Guide to WordPress eBook

This ebook will give small business owners of all skill levels the resources needed to create, connect, and grow a WordPress website. The more time you spend with this book, the more comfortable you’ll be with WordPress as your tool of choice.

Free eBook Download

Featured Articles