Today a coordinated security patch release was carried out for many WordPress plugins, including several of mine. Given the number of posts that will be published about this release, I’ll focus on my own plugins and the action required on the user’s end.
The vulnerability
Several of my plugins used add_query_arg without escaping the output, resulting in an XSS vulnerability. In all of my plugins the vulnerability was only present in the WordPress backend, meaning it could only be exploited if a logged-in user clicked a malicious link. If you wish to read more on the security issue and how you can prevent it, I recommend you read this article by Sucuri.
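The pattern and its fix, as an added example (not code from any of the plugins listed here). It assumes the file is loaded as a plugin inside a WordPress install; every `qa_demo_*` name and the `qa-demo` page slug are hypothetical.

```php
<?php
/**
 * Plugin Name: Query Arg Escaping Demo
 * Description: Constructed example; every qa_demo_* name is hypothetical.
 */

add_action( 'admin_menu', 'qa_demo_menu' );

function qa_demo_menu() {
	add_management_page( 'Query Arg Demo', 'Query Arg Demo', 'manage_options', 'qa-demo', 'qa_demo_page' );
}

// BEFORE (vulnerable pattern): with no URL argument, add_query_arg() builds on
// the current request URI, so the returned string can carry input from the link
// the admin followed. Echoing it unescaped puts that input into the page.
function qa_demo_sort_link_unsafe() {
	return '<a href="' . add_query_arg( 'orderby', 'title' ) . '">Sort by title</a>';
}

// AFTER: escape at the point of output. esc_url() is for URLs printed into HTML.
function qa_demo_sort_link_safe() {
	return '<a href="' . esc_url( add_query_arg( 'orderby', 'title' ) ) . '">Sort by title</a>';
}

// AFTER, stricter: build on a known base URL instead of the request URI,
// and still escape on output.
function qa_demo_sort_link_fixed_base() {
	$url = add_query_arg(
		array( 'page' => 'qa-demo', 'orderby' => 'title' ),
		admin_url( 'tools.php' )
	);
	return '<a href="' . esc_url( $url ) . '">Sort by title</a>';
}

// Redirects are not HTML output: use esc_url_raw() rather than esc_url().
function qa_demo_redirect_after_save() {
	wp_safe_redirect( esc_url_raw( add_query_arg( 'updated', '1' ) ) );
	exit;
}

function qa_demo_page() {
	echo '<div class="wrap"><h1>Query Arg Demo</h1><p>';
	echo qa_demo_sort_link_fixed_base(); // the unsafe variant is never rendered
	echo '</p></div>';
}
```

The same escaping applies to remove_query_arg(), which also falls back to the current request URI when no URL is passed.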
Updates available
Updates for premium plugins will be automatically available if you’ve entered your license key in your WordPress backend. Please contact me via one of the links below if you’ve got any questions regarding updating your premium plugin. The following plugins I develop were affected by this security issue and have patched updates available. Thanks to the WP security team for helping coordinate this.
Plugin | Secure version | Auto updated |
---|---|---|
Related Posts for WordPress | 1.8.2 | Yes |
Related Posts for WordPress Premium | 1.3.4 | No |
Download Monitor | 1.7.1/1.6.5* | Yes |
Post Connector | 1.0.4 | No |
Post Connector Premium | 1.6.4 | No |
* Download Monitor received 2 automatic updates. Both 1.7.1 and 1.6.5 are patched secure versions.
The plugin updates listed above should be available in your WordPress backend now, and some of the plugins may already have been updated for you.
If you have any questions regarding these updates please don’t hesitate to send me an email:
They have solved many of the security problems with this new version of WordPress 4.2.
Thank you for sharing the best article here. Keep doing like this.
Really appreciate your amazing article. Keep going on, good stuff. Thank you for this valuable information.
Thank you for sharing an informative article here. Keep going like this with many more updates.
Pretty! This was a really wonderful post. Thank you for providing these details.
Pretty! This was a really wonderful post. Thank you for providing these details, which are most useful. Keep posting all updates like this.
XSS vulnerability is really dangerous, thanks for notifying us. I’ve read all of your post, and it’s really helpful for my secondary WordPress blog.
Thanks for sharing amazing post
Nice Article.
Thanks for sharing amazing post
Amazing posts
your post is awesome
your content is so good
I appreciate your work. Here you can find best movies list, review .
Nice set of Information provided Here in this post
thanks for sharing amazing information keep posting!
Security is the most important thing in web.
Also, I want to add one more thing, there are a lot of new security plugins that can improve your website security, so I advise to use such type of plugins.
how to overcome the security breach
Wow. Now I’m going to be aware of that, I didn’t realize