WordPress XSS Security Alert April 2015

Although WordPress and some other CMS website platforms are quite popular and free, it is not uncommon for these platforms to have security vulnerabilities from time to time.

This is a general community announcement for all users of WordPress to bring your attention to an XSS vulnerability affecting multiple WordPress plugins and themes.

The vulnerability is caused by a common code pattern used in WordPress plugins and themes, whether they were obtained from the wordpress.org website or from other sources.

It is vitally important that you upgrade to WordPress 4.2.1, the latest secure version, and take immediate action to ensure it is secure.

Earlier versions of WordPress contain a cross-site scripting security vulnerability that could allow an unauthenticated, remote attacker to compromise your website(s).

For steps on how to update your WordPress installation, please visit the WordPress website here.

Click here for additional reading on the cross-site scripting vulnerability.

General WordPress security information can be read here.

If your website has been developed on WordPress, please forward this email to your website developer if necessary.

For our clients whose websites are built on the eSolve platform, you can ignore this alert. No worries!