I’d like to bring to your attention to an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes.
Re: Widespread WordPress Plugins and Themes Security Vulnerability
Thanks for the headsup. I’m pretty sure mine are all upgraded, but I’ll be double checking here in a few minutes! Also, for those that aren’t having their blogs auto-update, you NEED to install the latest version YESTERDAY … there is a huge vulnerability in the comment scripting.
If your WordPress site allows users to post comments via the WordPress commenting system, youâre at risk. An attacker could leverage a bug in the way comments are stored in the siteâs database to insert malicious scripts on your site, thus potentially allowing them to infect your visitors with malware, inject SEO spam or even insert backdoor in the siteâs code if the code runs when in a logged-in administrator browser.
Read more here
Re: Widespread WordPress Plugins and Themes Security Vulnerability
[QUOTE=Bec;158740]Thanks for the headsup. I’m pretty sure mine are all upgraded, but I’ll be double checking here in a few minutes! Also, for those that aren’t having their blogs auto-update, you NEED to install the latest version YESTERDAY … there is a huge vulnerability in the comment scripting.
Read more here[/QUOTE]
Any idea if this effects blogs running disqus comments system?
Re: Widespread WordPress Plugins and Themes Security Vulnerability
I can’t remember if disqus plugin is in the list, but irrespective, it effects all blogs running any of the over 400 plugins, so update to 4.2.1 as soon as possible, and update any themes and plugins that need updating. ThemeForest also sent out a notice, noting that many themes are also at risk, and that their authors will be rushing out fixes. As well as plugin authors for CodeCanyon.
Re: Widespread WordPress Plugins and Themes Security Vulnerability
It might be worth people checking their mobile versions, nothing is working on mine since WP updated today.
WPTouch isn’t loading posts unless I disable slider, videos not displaying, polls not functioning. I am at a loss as to what has happened, the only change in this time has been the WP update.
Re: Widespread WordPress Plugins and Themes Security Vulnerability
[QUOTE=conran;158751]It might be worth people checking their mobile versions, nothing is working on mine since WP updated today.
WPTouch isn’t loading posts unless I disable slider, videos not displaying, polls not functioning. I am at a loss as to what has happened, the only change in this time has been the WP update.[/QUOTE]
I had quite a few plugin problems at first, once the updates started comming things started working better then @-)
Re: Widespread WordPress Plugins and Themes Security Vulnerability
Well, even deactivating all plugins and leaving WPTouch I still have (guessing here) JQueery issues, ever since the WP update. Menus, videos and polls are all fucked up.
Finally got videos kind of showing (half way off the page) by changing the video setting from responsive to fixed size, but still menus and polls are not responding at all no matter what I do.
