Security alert: Update WordPress Plugins and Magento software

Tighten up to avoid XSS and Remote Command Execution attacks

If your website uses WordPress plugins or Magento e-commerce software, you might need to perform updates to protect your site from several major security vulnerabilities, following security alerts from and Check Point.

Multiple WordPress plugins are now vulnerable to Cross-Site Scripting (XSS) due to the misuse of the add_query_arg() and remove_query_arg() functions. These functions are used in multiple plugins, so you should update all outdated plugins within your wp-admin dashboard.
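For sites that also run custom or unmaintained plugins, the following added example (not code from GoDaddy, WordPress or any plugin) flags add_query_arg()/remove_query_arg() calls whose result is not wrapped in esc_url() or esc_url_raw(), the URL escaping functions WordPress provides. The sample plugin source and the function names find_unescaped_calls and scan_plugins are constructed for illustration, and the same-line check is a heuristic whose findings need manual review.

```python
import re
import sys
from pathlib import Path

# add_query_arg()/remove_query_arg() fall back to the current request URL when
# no URL is passed and return it unescaped, so the result must be escaped.
CALL = re.compile(r"\b(?:add|remove)_query_arg\s*\(")
ESCAPER = re.compile(r"\besc_url(?:_raw)?\s*\(")

# Constructed sample, not taken from any real plugin.
SAMPLE_PLUGIN = """<?php
echo '<a href="' . add_query_arg( 'tab', 'settings' ) . '">Settings</a>';
echo '<a href="' . esc_url( add_query_arg( 'tab', 'settings' ) ) . '">Settings</a>';
$next = remove_query_arg( 'paged' );
wp_safe_redirect( esc_url_raw( remove_query_arg( 'paged' ) ) );
"""


def find_unescaped_calls(php_source):
    """Return (line_number, line) pairs that need manual review."""
    # Heuristic: escaped only if esc_url()/esc_url_raw() opens earlier on the line.
    findings = []
    for number, line in enumerate(php_source.splitlines(), start=1):
        if line.lstrip().startswith(("//", "#", "*", "/*")):
            continue  # comment-only line
        for call in CALL.finditer(line):
            if not ESCAPER.search(line[: call.start()]):
                findings.append((number, line.strip()))
                break  # one finding per line is enough
    return findings


def scan_plugins(root):
    """Scan every .php file under root (e.g. wp-content/plugins)."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        hits = find_unescaped_calls(path.read_text(errors="replace"))
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else None
    hits = scan_plugins(root) if root else {"sample": find_unescaped_calls(SAMPLE_PLUGIN)}
    for path, lines in hits.items():
        for number, line in lines:
            print(f"{path}:{number}: {line}")
```

A value assigned to a variable and escaped on a later line is still flagged, so treat each hit as a place to confirm that escaping happens before output.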

The second major vulnerability, which is related to Magento e-commerce software, allows for Remote Command Execution on any site that is running an outdated version of Magento. We strongly suggest that you install the latest patches for Magento.

How to update WordPress plugins and Magento software

For help updating vulnerable WordPress plugins, please see “Managing Plugins.”

To patch Magento, check out these instructions.

Todd Redfoot
As Chief Information Security Officer at GoDaddy, Todd Redfoot makes it his mission to keep customer and company data and systems safe. In his spare time, Todd enjoys frequent trips to the beach with his wife and kids. Connect with Todd on LinkedIn.