[!] Alert - XSS Vulnerability Affecting Multiple WordPress Plugins

  • MrGusMuller
    Confirmed User
    • Oct 2010
    • 1262

    #1

    Tech [!] Alert - XSS Vulnerability Affecting Multiple WordPress Plugins

    *Everyone* is infected....


    Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

    The official WordPress documentation (Codex) for these functions was not very clear and misled many plugin developers into using them in an insecure way. The developers assumed that these functions would escape the user input for them, when they do not. This simple detail caused many of the most popular plugins to be vulnerable to XSS.
    Some affected plugins:
    • Jetpack
    • WordPress SEO
    • Google Analytics by Yoast
    • All In one SEO
    • Gravity Forms
    • Multiple Plugins from Easy Digital Downloads
    • UpdraftPlus
    • WP-E-Commerce
    • WPTouch
    • Download Monitor
    • Related Posts for WordPress
    • My Calendar
    • P3 Profiler
    • Give
    • Multiple iThemes products including Builder and Exchange
    • Broken-Link-Checker
    • Ninja Forms


    You MUST update these plugins since they have been patched this morning!


    https://blog.sucuri.net/2015/04/secu...s-plugins.html
    StagCMS - Adult CMS - user friendly adult content management system - speed up your websites with no SQL connections
    ICQ: 63*23*43*113
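
An added example (not part of the original post or of any plugin's code): a heuristic Python scan that lists add_query_arg() / remove_query_arg() calls in plugin source that are not wrapped in esc_url() or esc_url_raw(), the WordPress URL-escaping functions. The sample PHP is constructed for illustration, and each hit is a candidate for manual review rather than a confirmed bug.

```python
import re
import sys
from pathlib import Path

# Constructed sample plugin source, not taken from any real plugin.
SAMPLE_PHP = r'''<?php
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
$next = remove_query_arg( array( 'paged', 'msg' ) );
wp_safe_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
printf( '<form action="%s">', esc_url( trim( add_query_arg( $args, $base ) ) ) );
'''

CALL = re.compile(r'\b(add_query_arg|remove_query_arg)\s*\(')
ESCAPERS = {'esc_url', 'esc_url_raw'}  # WordPress URL escaping functions

def enclosing_calls(src, pos):
    """Names of the calls whose parentheses enclose offset pos in the same statement."""
    names, depth, i = [], 0, pos - 1
    while i >= 0:
        c = src[i]
        if c == ')':
            depth += 1
        elif c == '(' and depth:
            depth -= 1
        elif c == '(':
            m = re.search(r'([A-Za-z_]\w*)\s*$', src[:i])
            if m:
                names.append(m.group(1))
        elif c == ';' and depth == 0:
            break  # reached the previous statement
        i -= 1
    return names

def audit(src):
    """Return (line, function) for each call not wrapped in a URL escaper."""
    findings = []
    for m in CALL.finditer(src):
        if not ESCAPERS & set(enclosing_calls(src, m.start())):
            findings.append((src.count('\n', 0, m.start()) + 1, m.group(1)))
    return findings

if __name__ == '__main__':
    if len(sys.argv) > 1:  # scan a plugin directory given on the command line
        for path in Path(sys.argv[1]).rglob('*.php'):
            for line, func in audit(path.read_text(errors='replace')):
                print(f'{path}:{line}: {func}() output is not URL-escaped')
    else:
        print(audit(SAMPLE_PHP))
```

The scan is lexical only: a value assigned to a variable and escaped later (line 4 of the sample) is still reported, and parentheses or semicolons inside PHP string literals can confuse it.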

  • JD
    Too lazy to set a custom title
    • Sep 2003
    • 22651

    #2
    fuck my ass with a spoon.


    • MrGusMuller
      Confirmed User
      • Oct 2010
      • 1262

      #3
      Originally posted by JD
      fuck my ass with a spoon.
      GFYjacking? :>

      • Bladewire
        StraightBro
        • Aug 2003
        • 56228

        #4
        Thanks for the heads up I appreciate it


        Skype: CallTomNow


        • MrGusMuller
          Confirmed User
          • Oct 2010
          • 1262

          #5
          Originally posted by Bladewire
          Thanks for the heads up I appreciate it

          • anexsia
            Confirmed User
            • May 2010
            • 5735

            #6
            Originally posted by MrGusMuller
            Hey man I really appreciate the heads up! Just started updating all my WordPress installs (hundreds...this will take some time lol).


            • MrGusMuller
              Confirmed User
              • Oct 2010
              • 1262

              #7
              Originally posted by anexsia
              Hey man I really appreciate the heads up! Just started updating all my WordPress installs (hundreds...this will take some time lol).


              boards are used to post naked girls, flamez, warning the community and other shits!
              it's a pleasure.

              peace!