There is a new XSS Vulnerability that was discovered that affects many different plugins on WordPress, including Jetpack, All In One SEO, Gravity Forms, Broken Link Checker, and UpdraftPlus. There are more plugins that are affected so we recommend that you update your WordPress website ASAP – even if you don’t have some of the plugins listed above. If you are on the Orbit Website Health Program, your website has already been updated and is secure from this threat.
What is this Vulnerability and how did it happen? Basically there are two code functions – add_query_arg() and remove_query_arg() – that are not being used correctly in the plugins. Because of this, hackers are able to inject code into the front end of WordPress allowing them to gain access to the Dashboard without even logging in. Once inside your WordPress, the hacker has full control of your website and can change/delete content, add malicious scripts, add viruses, or completely change the website.
If you are not signed up for Orbit’s Website Health Program, make sure that you backup your website and then update all of your plugins. You also may want to make sure you are using the latest version of WordPress. If you are not familiar with updating WordPress, we recommend you have Orbit or someone with experience complete the updates so that they are done correctly with minimal website down time.
You can also join our Website Health Program today and let us take care of it all for you. Click here to learn more about the program, or give us a call at 303.433.1616 ext. 6#
For more information about the WordPress Vulnerability, click here. (Or watch a video here)