
Widespread WordPress Plugins and Themes Security Vulnerability


This is a general community announcement to bring your attention to an XSS vulnerability affecting multiple WordPress plugins and themes. The vulnerability is caused by a common code pattern used in WordPress plugins and themes available from most theme repositories, ThemeForest and CodeCanyon, the website and other sources.

This issue is not limited to themes and plugins purchased from ThemeForest or CodeCanyon. Anyone using a WordPress website, regardless of where the theme or plugin was sourced, needs to be aware of this and take immediate action to ensure it is secure.

What should I do?

As there is no simple way of knowing exactly which plugins or themes are affected, and the issue is widespread, our best advice is to periodically check for updates to any WordPress themes or plugins you are using and apply those available as soon as possible.

Most WordPress theme and plugin repositories are actively working with all authors, explaining the issue and asking them to check that their items are secure and to update them if necessary.

We expect these repositories to be continuously updated over the coming weeks, with the majority updated in the next few days.

For updates to items obtained from other sources, please check the repositories or contact the source of the product.

We strongly recommend continuing to check for updates, especially over the next few weeks, but also on an ongoing basis. It is important to always keep your WordPress installation and associated plugins and themes up to date. If you still have concerns, we suggest engaging an experienced WordPress developer to check whether your site is affected.

More details are available via the following links:

Posted In: The Vast Universe, Website Design
