Several security updates released

Today a coordinated security patch release has been done for many WordPress plugins including several of my plugins. Due the amount of posts that will be published regarding this release I’ll just focus on my plugins and what action is required from the user’s end.

The vulnerability

Several of my plugins used add_query_arg without escaping the output resulting in an XSS vulnerability. All of my plugins only had this vulnerability in the WordPress backend meaning the XSS vulnerability could only be exploited if a logged in user would click a malicious link while being logged in. If you wish to read more on the security issue and how you can prevent it, I recommend you read this article by Sucuri.

Updates available

Updates for premium plugins will be automatically available if you’ve entered your license key in your WordPress backend. Please contact me via one of the links below if you’ve got any questions regarding updating your premium plugin. The following plugins I develop have been affected by this security issue and have patched updates available, thanks to the WP security team for helping coordinate this.

Plugin Secure version Auto updated
Related Posts for WordPress 1.8.2 Yes
Related Posts for WordPress Premium 1.3.4 No
Download Monitor 1.7.1/1.6.5* Yes
Post Connector 1.0.4 No
Post Connector Premium 1.6.4 No

* Download Monitor received 2 automatic updates. Both 1.7.1 and 1.6.5 are patched secure versions.

Above listed plugin updates should be available in your WordPress backend at this moment and for some of the plugins might already have been updated for you.

If you have any questions regarding these updates please don’t hesitate to send me an email:

Related Posts

Powered By Related Posts for WordPress
Click Here to Learn More About Related Posts for WordPress

92 thoughts on “Several security updates released

  1. […] SEO Gravity Forms Multiple Plugins from Easy Digital Downloads UpdraftPlus WP-E-Commerce WPTouch Download Monitor Related Posts for WordPress My Calendar P3 Profiler Give Multiple iThemes products including […]

  2. […] Gravity Forms Mitmed erinevad pluginad: Easy Digital Downloads UpdraftPlus WP-E-Commerce WPTouch Download Monitor Related Posts for WordPress My Calendar P3 Profiler Give Mitmed iThemes tooted/pluginas, sealhulgas […]

  3. They have solved many of the security problems with this new version of wordpress 4.2.

  4. I see you don’t monetize your site,you can make some additional money, just search in google for; ideas by Loocijano

  5. thank you for sharing the best article here.keep doing like this

  6. filmywap 2017

    Really appreciate for your amazing article. Keep going on, good stuff. Thank you for this valuable information.

  7. thank you for sharing informative article here.keep going like this with many more updates.

  8. Pretty! This was a really wonderful post. Thank you for providing these details.

  9. Pretty! This was a really wonderful post. Thank you for providing these details which are most useful.keep posting all updates like this

  10. XSS vulnerability is really dangerous, thanks for notifying us. I’ve read your all post, and it’s really helpful for my secondary wordpress blog.

  11. Thanks for sharing amazing post

  12. Thanks for sharing amazing post

  13. your content is so good

  14. Government jobs hold the kind of authority not found in private jobs. These also offer job security for a lifetime, and hence a lot of youth prefer them. Getting
    into a Government job requires a person to go through multiple levels of tests. Sarkari result include a written examination,interview and sometimes even physical
    examination. These are competitive exams, and millions of people appear for these exams to get into a coveted Government job.

  15. There is a common UPSC syllabus pattern for services such as the Indian Administrative Service, Indian Foreign Service,
    Indian Police Service, Indian Revenue Service (Customs and Central Excise) to name a few. However, different stages of the IAS exam have different syllabi.

  16. I appreciate your work. Here you can find best movies list, review .

  17. Job Seekers, who want Free Govt Job Alert quick and easy, Subscribe to IndGovtJobs today. The Freejobalert notifications for 12th Pass, 10th Pass,
    ITI, Diploma, B.E., B.Tech and Degree passed Indian Citizens to receive current active Freejobalert – RRB Railway, SSC, Bank, Police, Govt Colleges, Public Sector Companies and more related Govt Recruitment Vacancies.

  18. Nice set of Information provided Here in this post

  19. thanks for sharing amazing information keep posting!

  20. Security is the most important thing in web.

  21. Also, I want to add one more thing, there are a lot of new security plugins that can improve your website security, so I advise to use such type of plugins.

  22. how to overcome the security breach

  23. The tips in your book have helped me become more productive! Before your article, I was wasting so much time figuring out what to do and how to spend my time on my projects. Thank you for your instructions on how to be organized and stay on schedule. I will be recommending your article often!

Leave a Reply

Your email address will not be published. Required fields are marked *