Are you the user of WordPress? If yes, then bring your attention back to XSS vulnerability, which is impacting diverse WordPress powered themes & plugins. To keep your website secure from any sort of risks, it is indispensable to know the latest updates, announced by WordPress community. The primary cause of vulnerability is the usage of common code pattern, which is used generally in themes & plugins and comes from multifarious sources, including CodeCanyon, ThemeForest, wordpress.org.
The security concern is not confined to those premium plugins & themes that are purchased from CodeCanyon or ThemeForest. Anyone, who runs WordPress website, needs to take instant action to make sure the security regardless of knowing that from where plugin or theme was being sourced.
Steps That Need To Be Taken At Your Glance
However, no specific way is defined to know affected plugins or themes as the security issue is far-reaching, but the best suggestion is to check the latest updates periodically. The team of Envato continues to work along with the authors of CodeCanyon & ThemeForest. They are discussing the issue and at the same time asking the authors to discover, whether there items are secure or not as well as update them, if required.
List of Affected WordPress Plugins:
- WordPress SEO
- All In one SEO
- Ninja Forms
- Download Monitor
- Google Analytics by Yoast
- My Calendar
- Related Posts for WordPress
- Gravity Forms
In coming weeks, we expect that items purchased by ThemeForest & CodeCanyon will be updated regularly with major updates. As the updates will be available on Downloads page, they may be downloaded from there. If you want to be notified automatically regarding all new updates, then you need to activate “Item update notifications” in the settings of your email.
In order to update items, attained from other sources, you must check the page of Plugins & Themes under WordPress Admin section or contact product’s source.
Our recommendations for you is to keep checking the updates, particularly in the coming few weeks and ongoing basis as well. It is crucial to update WordPress installation and related themes & plugins.
If you still have concern related to your plugin or theme vulnerability, then don’t hesitate to contact Joost on WordPress Slack (@joostdevalk) for best solution.