The respected team at Sucuri have announced a serious bug in many WordPress plugins that could leave your site vulnerable to hackers. If you are currently using any of the plugins in the following list then you MUST update them asap to ensure the security of your site as they have all been making use of the vulnerable code.
- WordPress SEO
- Google Analytics by Yoast
- All In one SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
It is important to note that whilst these plugins were definitely impacted, the vulnerable code was likely to have been used by many more plugin developers due to the way it was documented in the WordPress codex, a popular resource for people developing on WordPress.
You should always make sure you are keeping your plugins and themes up to date so that you have the latest and most secure releases, but especially for the next week you should be checking back regularly to ensure that you pick up bug fixes from the fallout of this issue as soon as they are available for your favourite plugins.
If you’d like to learn more about the vulnerability and the co-ordinated disclose process check out the official announcement here.