Zen Den Web Design feels it is important to share the information we receive regarding WordPress, particularly security updates that may affect our customers or the WordPress community in general.
We’d like to bring to your attention a recent XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes available from ThemeForest and CodeCanyon, the wordpress.org website and other sources.
This issue is not limited to themes and plugins purchased from ThemeForest or CodeCanyon. Anyone using a WordPress website, regardless of where the theme or plugin was sourced, needs to be aware of this and take any necessary action to ensure it is secure.
What should you do?
As there is no simple way of knowing exactly which plugins or themes are affected, and the issue could be widespread, our best advice is to periodically check for updates to any WordPress themes or plugins you are using and apply those that are available as soon as possible.
Envato stated in a press release that it believes ThemeForest and CodeCanyon items will be continuously updated over the coming weeks, with the majority updated in the next few days. Updates may be downloaded from the Envato Downloads page as they become available. If you have an Envato account and would like to be automatically notified about new updates, simply activate “Item update notifications” in your email settings.
For updates to items obtained from sources other than Envato, check the Plugins and Themes pages in the WordPress Admin area or contact the source of the product.
We recommend continuing to check for updates, especially over the next few weeks, but also on an ongoing basis. It is important to always keep your WordPress installation and associated plugins and themes up to date. If you still have concerns, Zen Den is an experienced WordPress developer and can provide consulting on whether or not your site is affected.
More details are available via the following links:
1. XSS Vulnerability and WordPress Plugins