XSS vulnerability affects multiple WordPress plugins

xdex

Member
A flaw has been found that affects a very large number of plugins.

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

Some of the plugins on the list:
  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms
I wouldn't be surprised if there are more.

Source: https://blog.sucuri.net/2015/04/sec...ity-affecting-multiple-wordpress-plugins.html
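
The misuse referred to above is that WordPress does not escape the URL returned by add_query_arg() or remove_query_arg(), so it has to go through esc_url() (or esc_url_raw() for redirects) before it is output. As an added example, not part of the original post or the Sucuri article, this Python script flags calls to either function in plugin source that are not wrapped that way; the names find_unescaped and is_wrapped and the sample PHP are constructed for illustration, and the check is a line-based heuristic meant to produce a list for manual review.

```python
import re

# The two WordPress functions named in the advisory.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# WordPress URL escapers that make the returned URL safe to output.
ESCAPER = re.compile(r"\besc_url(?:_raw)?\s*\(")

# Constructed sample plugin code, not taken from any real plugin.
SAMPLE = '''<?php
// settings page links (constructed sample)
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
printf( '<form action="%s">', remove_query_arg( 'updated' ) );
printf( '<form action="%s">', esc_url( remove_query_arg( 'updated' ) ) );
wp_redirect( esc_url_raw( add_query_arg( 'done', '1' ) ) );
'''


def is_wrapped(line, pos):
    """True if pos lies inside a still-open esc_url()/esc_url_raw() call."""
    for esc in ESCAPER.finditer(line, 0, pos):
        segment = line[esc.end() - 1:pos]  # begins at the escaper's "("
        if segment.count("(") > segment.count(")"):
            return True
    return False


def find_unescaped(php_source):
    """Return (line number, function name) for each call not wrapped in an escaper."""
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        for call in CALL.finditer(line):
            if not is_wrapped(line, call.start()):
                findings.append((number, call.group(1)))
    return findings


if __name__ == "__main__":
    for number, name in find_unescaped(SAMPLE):
        print(f"line {number}: {name}() result is not passed through esc_url()")
```

Calls that are assigned to a variable and escaped on a later line are also flagged, so each hit needs a look at where the value ends up.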
 