Daily Archives

29 April 2015

How to solve the XSS Vulnerability with add_query_arg() and remove_query_arg() functions on WordPress?

A lot of WordPress plugins and themes are vulnerable to Cross-site Scripting (XSS) due to inappropriate usage of two functions: add_query_arg() and remove_query_arg().

Some of the plugins and themes have been updated to address this, and some have not.
If you don’t want to wait until all of your files are updated to the latest version, or if you want to be sure that your web site is not affected, see my tutorial below.

As a side note, if you use lots of plugins, it’s quite likely that your web site is affected by this issue.

Below is my video solution to the problem.
