This is a very important warning to notify you about security vulnerability from bulk of popular WordPress plugins. Those plugins released urgency updates to fix this critical bug, so this post is for notifying you to update those plugin immediately.
Most of those plugins used (actually, copy directly) example codes from WordPress.org Codex about add_query_arg() and remove_query_arg() when those examples has already security vulnerability themselves.
Yoast de Valk (author of SEO by Yoast plugin) and Johannes Schmitt (founder of Scrutinizer CI) are the authors who found this bug first and they recommended an urgency update to all other popular plugin authors who also used the example codes for their plugins.
List of Plugins for This Vulnerability
If you are using one of those following plugins, please access your update dashboard (usually stay at: http://yourdomain.com/wp-admin/update-core.php) and check if they have updates or not. If they have, please update all immediately.
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
Yes, WordPress 4.2 was released last night. Let’s review some awesome updates in this version. An easier way to share content with ... READ MORE
This news must break all blogger fans’s hearts. An Official Contact Form for Blogger was released one day ago. As you know, contact ... READ MORE