Several security updates released

Today a coordinated security patch release has been done for many WordPress plugins including several of my plugins. Due the amount of posts that will be published regarding this release I’ll just focus on my plugins and what action is required from the user’s end.

The vulnerability

Several of my plugins used add_query_arg without escaping the output resulting in an XSS vulnerability. All of my plugins only had this vulnerability in the WordPress backend meaning the XSS vulnerability could only be exploited if a logged in user would click a malicious link while being logged in. If you wish to read more on the security issue and how you can prevent it, I recommend you read this article by Sucuri.

Updates available

Updates for premium plugins will be automatically available if you’ve entered your license key in your WordPress backend. Please contact me via one of the links below if you’ve got any questions regarding updating your premium plugin. The following plugins I develop have been affected by this security issue and have patched updates available, thanks to the WP security team for helping coordinate this.

Plugin Secure version Auto updated
Related Posts for WordPress 1.8.2 Yes
Related Posts for WordPress Premium 1.3.4 No
Download Monitor 1.7.1/1.6.5* Yes
Post Connector 1.0.4 No
Post Connector Premium 1.6.4 No

* Download Monitor received 2 automatic updates. Both 1.7.1 and 1.6.5 are patched secure versions.

Above listed plugin updates should be available in your WordPress backend at this moment and for some of the plugins might already have been updated for you.

If you have any questions regarding these updates please don’t hesitate to send me an email:

Related Posts

Powered By Related Posts for WordPress
Click Here to Learn More About Related Posts for WordPress

88 thoughts on “Several security updates released

  1. April 20, 2015 at 7:37 pm
    Sicherheit: Viele WordPress Plugins von XSS Lücke betroffen

    […] Download Monitor […]

    Reply
  2. April 20, 2015 at 8:08 pm
    XSS zranitelnost ohrožující velké množství WordPRess pluginů | Musilda.cz

    […] Download Monitor […]

    Reply
  3. April 20, 2015 at 8:33 pm
    Zraniteľnosť vo viac ako 300 moduloch. Aktualizujte! « WordPress Slovensko

    […] Download Monitor […]

    Reply
  4. April 20, 2015 at 8:59 pm
    Collective WordPress Security Update to fix XSS Security Flaw

    […] Download Monitor […]

    Reply
  5. April 20, 2015 at 11:55 pm
    All Client Need To Update Their Sites 4-20-2015 | Varick Design | varickdesign support

    […] Download Monitor […]

    Reply
  6. April 21, 2015 at 12:00 am
    Sucuri is reporting a vulnerabilities to the following plugins | Varick Design

    […] Download Monitor […]

    Reply
  7. April 21, 2015 at 2:08 am
    Update Your Plugins - XSS Vulnerability - wpONcall

    […] Download Monitor […]

    Reply
  8. April 21, 2015 at 4:15 am
    XSS Vulnerability in Multiple Wordpress Plugins

    […] Download Monitor […]

    Reply
  9. April 21, 2015 at 10:53 am
    Hromadné bezpečnostní problémy oblíbených pluginů | Separatista

    […] Download Monitor […]

    Reply
  10. April 21, 2015 at 12:05 pm
    XSS Vulnerability Affecting Multiple WordPress Plugins | Status Reliable Penguin

    […] Download Monitor […]

    Reply
  11. April 21, 2015 at 12:23 pm
    Diverse Wordpress Plugins verwundbar | Power-Netz bloggt!

    […] Download Monitor […]

    Reply
  12. April 21, 2015 at 2:40 pm
    XSS-Schwachstelle in vielen WordPress Erweiterungen | Tremonia

    […] Download Monitor […]

    Reply
  13. April 21, 2015 at 5:49 pm
    Security Advisory: XSS Vulnerability Affects Popular WordPress Plugins | VIRDIGI

    […] Download Monitor […]

    Reply
  14. April 21, 2015 at 7:02 pm
    OMM Comunicación | Aviso de seguridad: Vulnerabilidad XSS afectando a múltiples plugins de WordPress

    […] Download Monitor […]

    Reply
  15. April 21, 2015 at 8:43 pm
    Ojo: Si tienes una página con Wordpress (blog, portafolio, portal web, etc), actualiza inmediatamente - arturogoga

    […] Download Monitor […]

    Reply
  16. April 21, 2015 at 8:58 pm
    Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins - Austin WordPress Meetup

    […] Download Monitor […]

    Reply
  17. April 21, 2015 at 11:36 pm
    XSS Vulnerability Affecting Multiple WordPress Plugins

    […] Download Monitor […]

    Reply
  18. April 22, 2015 at 4:23 am
    Swarm of WordPress plugins susceptible to potentially dangerous exploits | TechDiem.com

    […] Download Monitor […]

    Reply
  19. April 22, 2015 at 11:45 am
    Ojo: Si tienes una página con WordPress (blog, portafolio, portal web, etc), actualiza inmediatamente | Donald Rodriguez

    […] Download Monitor […]

    Reply
  20. April 22, 2015 at 12:05 pm
    Jouw WordPress gebruikt kwetsbare plugins! - booop.nl

    […] SEO Gravity Forms Multiple Plugins from Easy Digital Downloads UpdraftPlus WP-E-Commerce WPTouch Download Monitor Related Posts for WordPress My Calendar P3 Profiler Give Multiple iThemes products including […]

    Reply
  21. April 22, 2015 at 12:29 pm
    SfN | Informationsblog » Blog Archive » XSS-Schwachstelle in vielen WordPress Erweiterungen

    […] Download Monitor […]

    Reply
  22. April 22, 2015 at 5:40 pm
    Swarm of WordPress plugins susceptible to potentially dangerous exploits : Web & Search Engine Optimizers : RippleSmith Web Optimization Services

    […] Download Monitor […]

    Reply
  23. April 22, 2015 at 10:06 pm
    Swarm of WordPress plugins susceptible to potentially dangerous exploits - The White Label Agency | Outsourced WordPress Website DevelopmentThe White Label Agency | Outsourced WordPress Website Development

    […] Download Monitor […]

    Reply
  24. April 22, 2015 at 10:50 pm
    Multiple WordPress Plugins a Target for Cross Site Scripting

    […] Download Monitor […]

    Reply
  25. April 23, 2015 at 5:21 am
    WordPress XSS跨站脚本漏洞影响多个著名插件 - WordPress 非官方中文站

    […] Download Monitor […]

    Reply
  26. April 23, 2015 at 11:21 am
    XSS Vulnerability Affecting Multiple WordPress Plugins | Developers TSN-Media

    […] Download Monitor […]

    Reply
  27. April 23, 2015 at 1:58 pm
    XSS Vulnerability Affecting Multiple WordPress Plugins | SG Cyber Security

    […] Download Monitor […]

    Reply
  28. April 23, 2015 at 4:48 pm
    Plugins mais usados do Wordpress estão vulneráveis a ataque XSS - Netdeep Blog

    […] Download Monitor […]

    Reply
  29. April 23, 2015 at 8:27 pm
    Vulnerabilidade de XSS Afeta Muitos Plug-ins de WordPress | Ideahosts

    […] Download Monitor […]

    Reply
  30. April 23, 2015 at 8:38 pm
    Security Issue: XSS Vulnerability Affecting Multiple WordPress Plugins |

    […] Download Monitor […]

    Reply
  31. April 23, 2015 at 10:22 pm
    Bir çok Wordpress eklentisinde XSS açığı bulundu | Beylikdüzü Web Tasarım Ajansı

    […] Download Monitor Wordpress eklentisi […]

    Reply
  32. April 24, 2015 at 1:34 am
    WordPress Community Alert | WiseowlWPB

    […] Download Monitor […]

    Reply
  33. April 24, 2015 at 1:55 am
    Security Update: WordPress Website Owners Be Warned - Major Announcement -

    […] Download Monitor […]

    Reply
  34. April 24, 2015 at 3:58 am
    Vulnerabilidad XSS afecta múltiples plugins de WordPress | lalomarquez

    […] Download Monitor […]

    Reply
  35. April 24, 2015 at 5:35 am
    Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins |

    […] Download Monitor […]

    Reply
  36. April 24, 2015 at 10:20 am
    24 april Wordpress Update Time - Minty Media

    […] Download Monitor […]

    Reply
  37. April 24, 2015 at 12:36 pm
    Will not be on for a few days | Phil Harrison's Blog

    […] Download Monitor […]

    Reply
  38. April 24, 2015 at 2:41 pm
    XSS Sicherheitslücke betrifft viele WordPress Plugins - Zerberos

    […] Download Monitor […]

    Reply
  39. April 24, 2015 at 2:43 pm
    XSS Sicherheitslücke betrifft viele WordPress Plugins - Netsolution

    […] Download Monitor […]

    Reply
  40. April 24, 2015 at 6:36 pm
    WordPress Plugins and Themes Security Vulnerability | Jason Huber .net

    […] Download Monitor […]

    Reply
  41. April 25, 2015 at 10:28 am
    WordPress vulnerabilidad XSS - Wemcor

    […] Download Monitor […]

    Reply
  42. April 25, 2015 at 2:50 pm
    Protéger vos clients ! Faille de sécurité XSS dans vos plugins WordPress ! | Eliott Dupuy

    […] Download Monitor […]

    Reply
  43. April 25, 2015 at 4:22 pm
    Security warning for WordPress | CHARLOTTE NC WORDPRESS TRAINING

    […] Download Monitor […]

    Reply
  44. April 26, 2015 at 2:24 am
    Vulnerabilidades WordPress en Temas y Plugins muy extendidos | Sistemas ACR

    […] Download Monitor […]

    Reply
  45. April 27, 2015 at 3:31 pm
    Vulnerability with Multiple WordPress Plugins • SeedUp seedUp Docs

    […] Download Monitor […]

    Reply
  46. April 27, 2015 at 4:32 pm
    WordPress, vulnérabilité XSS affectant les plugins et thèmes - Supersonique NetSupersonique Net

    […] Download Monitor […]

    Reply
  47. April 27, 2015 at 11:44 pm
    Wordpress Plugins - Urgente problema de seguridad XSS - Blog de Ciris - Tecnología y DiseñoBlog de Ciris – Tecnología y Diseño

    […] Download Monitor […]

    Reply
  48. April 28, 2015 at 2:15 am
    Security Vulnerability Affecting Many Popular WordPress Plugins  ~ The Army of Flying Monkeys

    […] Download Monitor […]

    Reply
  49. April 28, 2015 at 4:19 am
    Vulnerabilidade de XSS Afeta Muitos Plugins de WordPress

    […] Download Monitor […]

    Reply
  50. April 28, 2015 at 6:18 am
    WordPress 4.2 stored XSS exploit – Odden Creative Media

    […] Download Monitor […]

    Reply
  51. April 29, 2015 at 12:33 am
    WordPress XSS Exploit|Update or risk being hacked - Succinct Ideas. Your Local Internet Marketer.

    […] Download Monitor […]

    Reply
  52. April 29, 2015 at 1:03 pm
    Sigurnosni propust: XSS propust na WordPress sajtovima i kako se zaštititi

    […] Download Monitor […]

    Reply
  53. April 30, 2015 at 3:59 am
    Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins | Sucuri Blog | ID-FrontEnd

    […] Download Monitor […]

    Reply
  54. May 2, 2015 at 11:57 am
    Suur WordPressi (WP) XSS viga – Uuendage WP lisad! | Radicenter

    […] Gravity Forms Mitmed erinevad pluginad: Easy Digital Downloads UpdraftPlus WP-E-Commerce WPTouch Download Monitor Related Posts for WordPress My Calendar P3 Profiler Give Mitmed iThemes tooted/pluginas, sealhulgas […]

    Reply
  55. May 4, 2015 at 5:30 pm
    XSS Vulnerability Affecting Multiple WordPress Plugins – Get protected! | Wordpress Real Estate Website Design & Search Engine Optimization

    […] Download Monitor […]

    Reply
  56. May 4, 2015 at 6:52 pm
    WordPress XSS Vulnerability Fix - Asheville Web Design

    […] Download Monitor […]

    Reply
  57. May 6, 2015 at 12:25 pm
    Warning! Vulnerabilidad de los plugins de Wordpress | Grdar

    […] Descargar Monitor […]

    Reply
  58. June 15, 2015 at 5:08 pm
    Security Advisory: XSS vulnerabilidade que afeta Multiplos Multiplos WordPress - Blog da ValueHostBlog da ValueHost

    […] Download Monitor […]

    Reply
  59. June 18, 2015 at 11:43 pm
    ウェブコンサルティングシステム WSwordpress人気SEOプラグインに虚弱性発覚 - ウェブコンサルティングシステム WS

    […] Download Monitor […]

    Reply
  60. July 4, 2015 at 7:24 am
    WordPress 4.2 final ya disponible y Comprueba si utilizas plugins seguros at Gana Emprendedor Web

    […] Download Monitor […]

    Reply
  61. July 28, 2015 at 7:51 pm
    Alerte sécurité : Wordpress vulnérabilité XSS | Lisette Mag'

    […] Download Monitor […]

    Reply
  62. August 26, 2015 at 2:09 pm
    paginawebtoledo

    They have solved many of the security problems with this new version of wordpress 4.2.

    Reply
  63. December 14, 2015 at 10:40 am
    WordPress Plugin Affected by XSS Vulnerability

    […] Download Monitor […]

    Reply
  64. February 4, 2016 at 8:19 am
    Security Advisory: Vulnerability Affecting WordPress

    […] Download Monitor […]

    Reply
  65. February 28, 2016 at 2:11 pm
    Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins | Plasahosting Blogs

    […] Download Monitor […]

    Reply
  66. August 1, 2016 at 6:28 am
    Leia

    I see you don’t monetize your site,you can make some additional money, just search in google for; ideas by Loocijano

    Reply
  67. August 21, 2016 at 8:25 am
    ثغرات XSS أمنية خطيرة في منصة ووردبريس - اليوم لتصميم الجرافيك والهويات التجاريةاليوم لتصميم الجرافيك والهويات التجارية

    […] Download Monitor […]

    Reply
  68. September 4, 2016 at 2:11 pm
    Security Issues Plague WordPress Plugins | ozeworks.us

    […] Download Monitor […]

    Reply
  69. October 15, 2016 at 10:30 pm
    Security Advisory: XSS vulnerabilidade que afeta Multiplos Multiplos WordPress - Blog da ValueHost

    […] Download Monitor […]

    Reply
  70. March 12, 2017 at 2:00 pm
    SHOWBOXAPK

    thank you for sharing the best article here.keep doing like this

    Reply
  71. April 9, 2017 at 6:50 pm
    filmywap 2017

    Really appreciate for your amazing article. Keep going on, good stuff. Thank you for this valuable information.

    Reply
  72. May 4, 2017 at 7:32 am
    vinod

    thank you for sharing informative article here.keep going like this with many more updates.

    Reply
  73. November 8, 2017 at 8:50 pm
    Jio4gvoice

    Pretty! This was a really wonderful post. Thank you for providing these details.

    Reply
  74. March 10, 2019 at 8:50 am
    cyberflix

    Pretty! This was a really wonderful post. Thank you for providing these details which are most useful.keep posting all updates like this

    Reply
  75. May 3, 2019 at 8:27 am
    Mahadev

    XSS vulnerability is really dangerous, thanks for notifying us. I’ve read your all post, and it’s really helpful for my secondary wordpress blog.

    Reply
  76. February 1, 2020 at 4:56 pm
    mechanic

    Thanks for sharing amazing post

    Reply
  77. March 14, 2020 at 2:48 pm
    FreeJobAlert

    Nice Article.

    Reply
  78. April 24, 2020 at 2:58 pm
    Anurag srivastava yadav

    Thanks for sharing amazing post

    Reply
  79. April 24, 2020 at 4:20 pm
    Aarav

    Amazing posts

    Reply
  80. April 25, 2020 at 7:43 am
    ccc online test

    your post is awesome

    Reply
  81. April 25, 2020 at 9:08 am
    Army Bharti

    your content is so good

    Reply
  82. May 10, 2020 at 6:16 pm
    hindi moviz

    I appreciate your work. Here you can find best movies list, review .

    Reply
  83. June 5, 2020 at 4:48 pm
    lexi

    Nice set of Information provided Here in this post

    Reply
  84. November 23, 2020 at 8:14 pm
    gbwhatsapp

    thanks for sharing amazing information keep posting!

    Reply
  85. November 25, 2020 at 2:37 pm
    Jim

    Security is the most important thing in web.

    Reply
  86. December 14, 2020 at 9:55 am
    Jim

    Also, I want to add one more thing, there are a lot of new security plugins that can improve your website security, so I advise to use such type of plugins.

    Reply
  87. January 9, 2021 at 3:01 pm
    Tubemate for pc

    how to overcome the security breach

    Reply
  88. March 8, 2021 at 5:44 am
    VAX

    Wow. Now I’m going to be aware of that, I didn’t realize

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *