Bourn Creative


Security Vulnerability Uncovered And A WordPress Security Update

April 22, 2015 Jennifer Bourn

A coordinated update across many popular WordPress plugins took place Monday morning to address a common security vulnerability that allows cross-site scripting (XSS) attacks.

Post Status published a great article explaining the security vulnerability, and Yoast published a post explaining the backstory.

The exact number of plugins affected is unknown, but a number of the most popular WordPress plugins are affected, and millions of websites are vulnerable due to this issue. Jetpack and Yoast’s WordPress SEO alone are active on well over a million websites.

Sucuri has identified a minimum of fifteen plugins affected, but they have only looked into the top 300-400 and others that were notable.

Jetpack, Easy Digital Downloads, P3 Plugin Profiler, Download Monitor, and Related Posts for WordPress are all opting in to automated forced updates from WordPress.org. This means that these plugins have created new releases for each major branch of their plugins to be distributed and automatically updated by the WordPress.org team.

Other plugins are not opting in. Notably, Yoast did not opt in for WordPress SEO or their Google Analytics plugin. Joost de Valk cites concerns that some site owners had their plugins deactivated during the last forced upgrade process they went through.

Brian Krogsgard

WordPress Security Update

On Tuesday, WordPress also rolled out Security Release 4.1.2.

This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site.

Gary Pendergast

If you host with our favorite managed host WP Engine, they’ll update WordPress for you.

Update WordPress And Your Plugins

This means you need to log in to your WordPress site and update WordPress if it hasn’t been updated automatically. You also need to update ALL of your plugins that have updates available — and please don’t just log in and click the update button!

Be sure to perform a complete backup of your site before performing any updates, and if you have another service provider like a virtual assistant handle this for you, ensure they back up the site in full — especially if your site is your primary source of leads and income.
