GoFuckYourself.com - Adult Webmaster Forum

GoFuckYourself.com - Adult Webmaster Forum (https://gfy.com/index.php)
-   Fucking Around & Business Discussion (https://gfy.com/forumdisplay.php?f=26)
-   -   Tech [!] Alert - XSS Vulnerability Affecting Multiple WordPress Plugins (https://gfy.com/showthread.php?t=1165256)

MrGusMuller 04-20-2015 12:39 PM
[!] Alert - XSS Vulnerability Affecting Multiple WordPress Plugins
 
*Everyone* is infected....


Quote:
Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

The official WordPress Official Documentation (Codex) for these functions was not very clear and misled many plugin developers to use them in an insecure way. The developers assumed that these functions would escape the user input for them, when it does not. This simple detail, caused many of the most popular plugins to be vulnerable to XSS.
Some affected plugins:
  • Jetpack
  • WordPress SEO
  • Google Analytics by Yoast
  • All In one SEO
  • Gravity Forms
  • Multiple Plugins from Easy Digital Downloads
  • UpdraftPlus
  • WP-E-Commerce
  • WPTouch
  • Download Monitor
  • Related Posts for WordPress
  • My Calendar
  • P3 Profiler
  • Give
  • Multiple iThemes products including Builder and Exchange
  • Broken-Link-Checker
  • Ninja Forms

You MUST update this plugins since they have been patched this morning!


https://blog.sucuri.net/2015/04/secu...s-plugins.html

JD 04-20-2015 01:04 PM
fuck my ass with a spoon.

MrGusMuller 04-20-2015 01:15 PM
Quote:
Originally Posted by JD (Post 20454001)
fuck my ass with a spoon.
GFYjacking? :>

Bladewire 04-20-2015 02:14 PM
Thanks for the heads up I appreciate it :thumbsup

MrGusMuller 04-20-2015 05:35 PM
Quote:
Originally Posted by Bladewire (Post 20454088)
Thanks for the heads up I appreciate it :thumbsup
:thumbsup:thumbsup

anexsia 04-20-2015 06:26 PM
Quote:
Originally Posted by MrGusMuller (Post 20454262)
:thumbsup:thumbsup
Hey man I really appreciate the heads up! Just started updating all my Wordpress installs (hundreds...this will take some time lol).

MrGusMuller 04-20-2015 06:45 PM
Quote:
Originally Posted by anexsia (Post 20454306)
Hey man I really appreciate the heads up! Just started updating all my Wordpress installs (hundreds...this will take some time lol).
:thumbsup:thumbsup

boards are used to post naked girls, flamez, warning the community and other shits! :)
its a pleasure.

peace!


All times are GMT -7. The time now is 09:13 PM.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
©2000-, AI Media Network Inc123