Hinweis
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, sich anzumelden oder das Verzeichnis zu wechseln.
Für den Zugriff auf diese Seite ist eine Autorisierung erforderlich. Sie können versuchen, das Verzeichnis zu wechseln.
Anyone using a WordPress website needs to be aware of this current security issue and take immediate action to ensure your website is secure. It has been found that a lot of Plugins and Themes are vulnerable to Cross-site Scripting (XSS) due to the misuse of two coding functions.
(the add_query_arg() and remove_query_arg() functions)
What should I do?
Well you could review the code and search for the two functions listed above. Then make sure it is properly escaped or you could just – Update, Update, Update, Patch, Patch, Patch…
You should make sure your site is updated to WordPress 4.2.1 or later and make sure your plugins and themes are also up to date. I will go further and say I strongly recommend continuing to check for updates over the next few weeks.
More details are available via the following links:
- https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
- https://wptavern.com/xss-vulnerability-affects-more-than-a-dozen-popular-wordpress-plugins
- https://poststatus.com/coordinated-plugin-updates-to-address-security-vulnerability-in-many-popular-wordpress-plugins/
- https://wordpress.org/news/2015/04/wordpress-4-2-1/