This is an important warning about a security vulnerability in a large number of popular WordPress plugins. Those plugins have released urgent updates to fix this critical bug, so this post is to notify you to update them immediately.
Most of those plugins used (actually, copied directly) example code from the WordPress.org Codex for add_query_arg() and remove_query_arg(), and those examples were themselves vulnerable.
Yoast de Valk (author of the SEO by Yoast plugin) and Johannes Schmitt (founder of Scrutinizer CI) found this bug first, and they recommended an urgent update to all other popular plugin authors who had also used the example code in their plugins.
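An added example, not code from this post or from any plugin named on this page: a heuristic Python scanner that flags add_query_arg() and remove_query_arg() calls whose result is not wrapped in esc_url() or esc_url_raw(), the escaping WordPress recommends for these functions. The function name unescaped_calls and the sample PHP are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Comments and string literals are blanked first so that parentheses or
# semicolons inside them do not confuse the nesting tracker.
NOISE = re.compile(r"//[^\n]*|#[^\n]*|/\*.*?\*/|'(?:\\.|[^'\\])*'|\"(?:\\.|[^\"\\])*\"", re.S)
TOKEN = re.compile(r"([A-Za-z_]\w*)?\s*\(|\)|;")
TARGETS = {"add_query_arg", "remove_query_arg"}
ESCAPERS = {"esc_url", "esc_url_raw"}


def unescaped_calls(php_source):
    """Return [(line_no, function)] for target calls not nested in an escaper."""
    code = NOISE.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), php_source)
    findings, stack = [], []  # stack: names of calls whose "(" is still open
    for tok in TOKEN.finditer(code):
        text = tok.group(0)
        if text == ";":
            stack.clear()  # end of statement resets nesting
        elif text == ")":
            if stack:
                stack.pop()
        else:
            name = tok.group(1) or ""
            if name in TARGETS and not ESCAPERS.intersection(stack):
                findings.append((code.count("\n", 0, tok.start()) + 1, name))
            stack.append(name)
    return findings


# Constructed sample, not taken from any real plugin.
SAMPLE = """<?php
echo '<a href="' . add_query_arg( 'paged', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'paged', 2 ) ) . '">Next</a>';
wp_redirect( remove_query_arg( 'msg' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
// add_query_arg( 'ignored', 'comment' );
"""

if __name__ == "__main__":
    # Usage: python scan.py wp-content/plugins   (no argument scans SAMPLE)
    if len(sys.argv) > 1:
        for path in Path(sys.argv[1]).rglob("*.php"):
            for line_no, name in unescaped_calls(path.read_text(errors="replace")):
                print(f"{path}:{line_no}: {name}() output is not passed through esc_url()")
    else:
        print(unescaped_calls(SAMPLE))
```

A hit is a line to review by hand, since a value assigned there may still be escaped later before it is output.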
List of Plugins for This Vulnerability
If you are using any of the following plugins, open your updates dashboard (usually at http://yourdomain.com/wp-admin/update-core.php) and check whether updates are available. If they are, apply all of them immediately.
- WordPress SEO
- Google Analytics by Yoast
- All in One SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms