In keeping with our policy of keeping our clients as up-to-date as possible, this is a general announcement for all users of WordPress websites from us or from anyone else.

We would like to bring your attention to an XSS vulnerability affecting multiple WordPress plugins and themes.  The vulnerability is caused by a common code pattern used in WordPress plugins and themes available from many different authors including the own website and other sources.

This issue is not limited to sites, themes and plugins purchased from us.  Anyone using a WordPress website, regardless of where the theme or plugin was sourced, needs to be aware of this and take immediate action to ensure it is secure.


What should I do?

As there is no simple way of knowing exactly which plugins or themes are affected, and the issue is widespread, our best advice is to periodically check for updates to any WordPress themes or plugins you are using and apply those available as soon as possible.

We expect any themes and other items to be continuously updated over the coming weeks, with the majority updated in the next few days of publication of this notice.  Updates may be downloaded from the Downloads page of your account as they become available.  If you would like to be automatically notified about new updates, please activate “Item update notifications” in your email settings.

For updates to items obtained from other sources, please check the Plugins and Themes pages in the WordPress Admin area or contact the source of the product.

We strongly recommend continuing to check for updates, especially over the next few weeks, but also on an ongoing basis.  It is important to always keep your WordPress installation and associated plugins and themes up to date.  If you still have concerns, we suggest contacting us and we will look into whether your site may be affected by this problem.


More information

More details are available via the following links: