This can be a normal group announcement to convey your consideration to an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is attributable to a typical code sample utilized in WordPress plugins and themes obtainable from ThemeForest and CodeCanyon, the wordpress.org web site and different sources.
This challenge isn't restricted to themes and plugins bought from ThemeForest or CodeCanyon. Anybody utilizing a WordPress web site, no matter the place the theme or plugin was sourced, wants to pay attention to this and take quick motion to make sure it's safe.
What ought to I do?
As there isn't any easy means of realizing precisely which plugins or themes are affected, and the problem is widespread, our greatest recommendation is to periodically verify for updates to any WordPress themes or plugins you might be utilizing and apply these obtainable as quickly as potential.
Greatwp is actively working with all ThemeForest and CodeCanyon authors, explaining the problem and asking them to verify that their objects are safe and to replace them if obligatory.
We count on ThemeForest and CodeCanyon objects to be repeatedly up to date over the approaching weeks, with the bulk up to date within the subsequent few days. Updates could also be downloaded from the Downloads web page as they turn into obtainable. If you want to be mechanically notified about new updates, please activate “Merchandise replace notifications” in your e mail settings.
For updates to objects obtained from different sources, please verify the Plugins and Themes pages within the WordPress Admin space or contact the supply of the product.
We strongly suggest persevering with to verify for updates, particularly over the following few weeks, but additionally on an ongoing foundation. It is very important all the time preserve your WordPress set up and related plugins and themes updated. When you nonetheless have issues, we propose partaking an skilled WordPress developer to verify whether or not your web site is affected.
Extra particulars can be found through the next hyperlinks:
- https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
- http://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins
- https://poststatus.com/coordinated-plugin-updates-to-address-security-vulnerability-in-many-popular-wordpress-plugins/
