Plugins are the like the wheels that drive WordPress websites and their vulnerability can highly affect websites performance. With the latest reports of cross-site scripting (XSS) vulnerability, a lot of plugins were put to threat and so the security team of WordPress came up with fast solution to these threats. Coordinated plugin updates were releases quite recently that called all the WordPress websites to update themselves. This potential XSS vulnerability arises due to the improper escaping of two common functions add_query_arg() and remove_query_arg() that makes the work of social hackers by accessing user’s information. Multiple plugins including the popular ones like Jetpack, P3 Plugin Profiler and Related Posts for WordPress seemed to be affected by this lapse. However, owners need not worry about the whole risk factor because the updates were released very fast and reduced plugin threats.
Originally posted 2017-10-06 05:09:59.