Another exploit revealed today, reinforces the fact that keeping your WordPress, theme and plugins updated reduces your site’s exposure to being hacked.
Securi blog sent out alerts today regarding a Cross-site Scripting (XSS) exploit which may impact a range of popular plugins including:
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
WordPress 4.2.1 is a ‘critical update’ in response to this exploit and you should immediately, if not sooner apply this update.