WordPress XSS Exploit|Update or risk being hacked
WordPress is a hacker target
Another exploit revealed today, reinforces the fact that keeping your WordPress, theme and plugins updated reduces your site’s exposure to being hacked.
Securi blog sent out alerts today regarding a Cross-site Scripting (XSS) exploit which may impact a range of popular plugins including:
- Jetpack
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- UpdraftPlus
- WP-E-Commerce
- WPTouch
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Give
- Multiple iThemes products including Builder and Exchange
- Broken-Link-Checker
- Ninja Forms
WordPress 4.2.1 is a ‘critical update’ in response to this exploit and you should immediately, if not sooner apply this update.