The documentation presented in the official WordPress Codex for the functions of add_query_arg() and remove_query_arg() led to the insecure usage of these functions. As a result, many WordPress plugins that used these functions are vulnerable to cross-site scripting (XSS). The vulnerability affects input functions in a plugin and must therefore be updated as soon as possible.
These are the affected plugins to date:
| Jetpack |
| WordPress SEO |
| Google Analytics by Yoast |
| All In one SEO |
| Gravity Forms |
| Multiple Plugins from Easy Digital Downloads |
| UpdraftPlus |
| WP-E-Commerce |
| WPTouch |
| Download Monitor |
| Related Posts for WordPress |
| My Calendar |
| P3 Profiler |
| Give |
| Multiple iThemes products including Builder and Exchange |
| Broken-Link-Checker |
| Ninja Forms |
There may be more plugins affected by the vulnerability. ALL users of WordPress are highly recommended to update their plugins immediately. Plugins can easily be updated through the WordPress Administrator.
| Email: | support@WebHostingHub.com | Ticket: | Submit a Support Ticket |
|---|---|---|---|
| Call: |
877-595-4HUB (4482) 757-416-6627 (Intl.) |
Chat: | Click To Chat Now |
We value your feedback!
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
new! - Enter your name and email address above and we will post your feedback in the comments on this page!