Major Security Flaws Discovered in WordPress and Plugins


Several major security vulnerabilities have been found in WordPress 4.1.1 and in many commonly used WordPress plugins.

Clients using our popular Website Security Monitoring Services can rest easy knowing that their websites are secured appropriately to block hackers and hack-bots from maliciously using these vulnerabilities.

Keep your website safe and your data secure by contacting us to learn about our Website Security Monitoring Services.

Contact Us to Secure Your Website!

Additional details of the recently found security vulnerabilities may be found here:

Multiple WordPress Plugins are vulnerable to Cross-site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These are popular functions used by developers to modify and add query strings to URLs within WordPress.

The official WordPress documentation (Codex) for these functions was not very clear and misled many plugin developers into using them in an insecure way. The developers assumed that these functions would escape the user input for them, when they do not. This simple detail caused many of the most popular plugins to be vulnerable to XSS.
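The insecure pattern described above, next to its corrected form, as an added example that is not taken from any plugin or from WordPress itself. The names render_link_unsafe() and render_link_safe() and the sample request are hypothetical, and the two function_exists() stand-ins are simplified approximations, used only so the script also runs outside WordPress.

```php
<?php
// Added illustration. Inside WordPress the real add_query_arg() and esc_url()
// are used; outside it, the simplified stand-ins below take their place.

if (!function_exists('add_query_arg')) {
    // Stand-in (assumption: simplified). Like the real function, it falls back
    // to the current request URI when no URL is passed and escapes nothing.
    function add_query_arg($key, $value, $url = null) {
        $url = $url ?? $_SERVER['REQUEST_URI'];
        $sep = (strpos($url, '?') === false) ? '?' : '&';
        return $url . $sep . rawurlencode($key) . '=' . rawurlencode($value);
    }
}

if (!function_exists('esc_url')) {
    // Stand-in (assumption: simplified). The real esc_url() also filters
    // protocols and strips disallowed characters.
    function esc_url($url) {
        return htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    }
}

// Constructed sample request: everything after the host is chosen by whoever
// built the link the visitor followed.
$_SERVER['REQUEST_URI'] = '/wp-admin/admin.php?page=demo&x="><b>injected</b>';

// Insecure: the developer assumes add_query_arg() returns a safe URL and
// writes it straight into an HTML attribute.
function render_link_unsafe() {
    return '<a href="' . add_query_arg('paged', '2') . '">Next</a>';
}

// Corrected: the URL is escaped at the point of output.
function render_link_safe() {
    return '<a href="' . esc_url(add_query_arg('paged', '2')) . '">Next</a>';
}

echo "unsafe: ", render_link_unsafe(), "\n";
echo "safe:   ", render_link_safe(), "\n";
```

The same rule applies to remove_query_arg(): its return value needs esc_url() before it is printed into a page.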