It’s only Tuesday, and it’s already been a very busy week for WordPress site owners and Webmasters. Yesterday, April 20th, Securi announced the XSS vulnerability affecting multiple WordPress plugins including some of those most widely used by the community. This has resulted in a slew of plugin updates being released. I expect the updates to continue rolling in as additional plugin authors discover and correct the issue. Alongside the many plugin updates, WordPress released a security update to the core system, 4.1.2 as well.
WordPress is a remarkably customizable and flexible platform. It is constantly evolving and part of what makes it so great, the vast community of WordPress developers and plugin authors, makes it subject to security issues. The large percentage of sites running WordPress, last reported at 23.7% of ALL websites, makes it a high-profile targets to hackers. It is imperative that site owners and Webmasters keep their WordPress installations, including all plugins up-to-date. Sadly W3tech reports only WPTavern reports roughly 36% of sites are running the latest version of WordPress.