■Outline
Sucuri Inc. pointed out that many plug-in in WordPress has vulnerabilities.

■Candidate

Sucuri Inc. confirmed the vulnerabilities in the following plug-in at the moment.

• Jetpack
• WordPress SEO
• Google Analytics by Yoast
• All In one SEO
• Gravity Forms
• Multiple Plugins from Easy Digital Downloads
• UpdraftPlus
• WP-E-Commerce
• WPTouch
• Download Monitor
• Related Posts for WordPress
• My Calendar
• P3 Profiler
• Give
• Multiple iThemes products including Builder and Exchange
• Broken-Link-Checker
• Ninja Forms

■Measure
This issue will be solved by updating the relevant product to the version provided by the developer.

■Related documents (references)

SecurityNEXT
Many WordPress plug-in such as WPTouch has vulnerabilities

Sucuri Inc
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins