Prevalent XSS Vulnerability Threatening WordPress Plugins and Themes Security
Detecvision Technologies is a leading web design and development company in India. We specialize in website designing, web application development, ecommerce solutions, PHP, and Magento web development services in India and worldwide. Experience a web design company that knows how to provide superior web design and development services.
Published on: Mar 4, 2016
Prevalent XSS Vulnerability Threatening WordPress
Plugins and Themes Security
What is XSS Vulnerability?
Your website may not be safe. It may be vulnerable to several security threats and you
might not even be aware of that. What will you do?
Several WordPress plugins and themes are vulnerable to XSS (cross-site scripting). The XSS
issue arises from misuse of the add_query_arg() and remove_query_arg()
functions, which developers use extensively to alter and insert query strings in
URLs within WordPress. This has become a nuisance for all the best web design
It may be present in the themes or plugins that you purchase from ThemeForest or
CodeCanyon. However, it is not limited to these sites. The problem may be present
wherever the plugin or theme was sourced. The companies offering best web design
services are now looking for ways to rectify this issue.
What should you do?
While there is no plain and simple way to find out which plugins on your site have been
affected, you can do one thing to keep yourself out of the reach of this threat: check
for updates to your plugins and themes regularly. This can be strenuous if you
have a huge array of plugins on your website.
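A rough source scan can at least list the call sites worth reviewing by hand. The script below is an added example, not part of the original page: it flags add_query_arg() and remove_query_arg() calls that are not wrapped in WordPress's esc_url() or esc_url_raw() on the same line. The helper names scan_source and scan_tree are hypothetical, the same-line check is a simplifying assumption (a flagged value may still be escaped later), and the sample PHP is constructed.

```python
import re
from pathlib import Path

# Calls whose return value WordPress does not escape.
CALL = re.compile(r"\b(add_query_arg|remove_query_arg)\s*\(")
# The same calls passed directly to an escaping wrapper.
WRAPPED = re.compile(
    r"\besc_url(_raw)?\s*\(\s*(add_query_arg|remove_query_arg)\s*\("
)


def scan_source(php_source):
    """Return (line_number, line) for each call lacking a same-line wrapper."""
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue  # skip comment lines
        calls = len(CALL.findall(line))
        wrapped = len(WRAPPED.findall(line))
        if calls > wrapped:
            findings.append((number, stripped))
    return findings


def scan_tree(root):
    """Scan every .php file under root, e.g. wp-content/plugins."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = scan_source(path.read_text(encoding="utf-8", errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


# Constructed sample, not taken from any real plugin or theme.
SAMPLE = """<?php
// add_query_arg() in a comment is ignored
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
wp_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
$url = remove_query_arg( 'msg' );
"""

if __name__ == "__main__":
    for number, line in scan_source(SAMPLE):
        print(f"line {number}: {line}")
```

Every hit is a candidate for manual review, not a confirmed vulnerability; a clean result does not prove a plugin is safe.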
Envato has been working actively with the ThemeForest and CodeCanyon authors, explaining
the issue and asking them to check their products to make sure they are safe to
In the coming weeks, you can expect frequent updates to your plugins and themes. To make
sure that you update things on time, you can enable email notifications in the
settings. This will reduce the risk posed by the XSS vulnerability.