Several security updates released

Today a coordinated security patch release was made for many WordPress plugins, including several of my plugins. Due to the number of posts that will be published regarding this release, I'll just focus on my plugins and what action is required from the user's end.

The vulnerability

Several of my plugins used add_query_arg without escaping its output, resulting in an XSS vulnerability. In all of my plugins the vulnerability was only present in the WordPress backend, meaning it could only be exploited if a logged-in user clicked a malicious link. If you wish to read more on the security issue and how you can prevent it, I recommend you read this article by Sucuri.
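
The pattern described above next to its fix, as an added example that is not code from any of the plugins listed in this post; the plugin name, page slug and function names are hypothetical. It relies on the fact that add_query_arg() builds on the current request URI when no URL is passed and returns the result unescaped.

```php
<?php
/**
 * Plugin Name: Example add_query_arg escaping demo (hypothetical)
 */

// Hypothetical admin page under Tools, used only to show the pattern.
add_action( 'admin_menu', function () {
	add_management_page( 'Example Demo', 'Example Demo', 'manage_options', 'example-demo', 'example_demo_render' );
} );

function example_demo_render() {
	// VULNERABLE pattern, left as a comment so this file is safe to load.
	// Called without a URL, add_query_arg() builds on $_SERVER['REQUEST_URI'],
	// so the query string of the link the user clicked is printed unescaped:
	//
	//   echo '<a href="' . add_query_arg( 'orderby', 'title' ) . '">Sort</a>';

	// FIX: escape at the point of output.
	echo '<a href="' . esc_url( add_query_arg( 'orderby', 'title' ) ) . '">Sort by title</a>';

	// STRICTER: build on a base URL the plugin controls, and still escape.
	$reset_url = add_query_arg( 'page', 'example-demo', admin_url( 'tools.php' ) );
	echo ' | <a href="' . esc_url( $reset_url ) . '">Reset</a>';

	// Small form so the redirect handler below can be exercised.
	echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
	echo '<input type="hidden" name="action" value="example_demo_save">';
	wp_nonce_field( 'example_demo_save' );
	submit_button( 'Save' );
	echo '</form>';
}

// Redirects are not an HTML context: use esc_url_raw() instead of esc_url().
add_action( 'admin_post_example_demo_save', function () {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Not allowed.' );
	}
	check_admin_referer( 'example_demo_save' );
	$target = add_query_arg( 'updated', '1', admin_url( 'tools.php?page=example-demo' ) );
	wp_safe_redirect( esc_url_raw( $target ) );
	exit;
} );
```

When auditing a plugin, searching its source for add_query_arg( calls whose result is echoed or passed to a redirect without esc_url() or esc_url_raw() finds the same class of issue.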

Updates available

Updates for premium plugins will be automatically available if you've entered your license key in your WordPress backend. Please contact me via one of the links below if you've got any questions regarding updating your premium plugin. The following plugins I develop were affected by this security issue and have patched updates available. Thanks to the WP security team for helping coordinate this.

| Plugin | Secure version | Auto updated |
|---|---|---|
| Related Posts for WordPress | 1.8.2 | Yes |
| Related Posts for WordPress Premium | 1.3.4 | No |
| Download Monitor | 1.7.1/1.6.5* | Yes |
| Post Connector | 1.0.4 | No |
| Post Connector Premium | 1.6.4 | No |

* Download Monitor received 2 automatic updates. Both 1.7.1 and 1.6.5 are patched secure versions.

The plugin updates listed above should be available in your WordPress backend at this moment, and some of the plugins might already have been updated for you.

If you have any questions regarding these updates please don’t hesitate to send me an email:

65 thoughts on “Several security updates released”

  1. […] SEO Gravity Forms Multiple Plugins from Easy Digital Downloads UpdraftPlus WP-E-Commerce WPTouch Download Monitor Related Posts for WordPress My Calendar P3 Profiler Give Multiple iThemes products including […]

  2. […] Gravity Forms Multiple different plugins: Easy Digital Downloads UpdraftPlus WP-E-Commerce WPTouch Download Monitor Related Posts for WordPress My Calendar P3 Profiler Give Multiple iThemes products/plugins, including […]

  3. They have solved many of the security problems with this new version of WordPress 4.2.
