Google Analytics for WordPress Plugin Vulnerability Fixed

Google Analytics for WordPress Plugin VulnerabilityThe Google Analytics for WordPress plugin was found with a XSS scripting vulnerability, if the track outbounds clicks option was selected.

This issue was found by David Whitehouse and James Slater of DavidNaylor.co.uk  and notified the develop right away. The developer, Joost de Valk took immediate action and got this security issue fixed.

On July 20, 2011, this plugin was updated in the WordPress.org Plugin Repository to version 4.1.3 and is available for immediate download.

Google Analytics for WordPress Plugin Changelog:

Version 4.1.3 — Security fix: badly crafted comments could lead to insertion of “weird” links into comments. They’d have to pass your moderation, but still… Immediate update advised.

If you’re using Google Analytics for WordPress plugin version 4.1.2 or before it is advised that you update this plugin immediately!

To find out more about this security issue, please read “Update Yoast’s Google Analytics for WordPress Plugin V4.1.3 — XSS Scripting Vulnerability Fixed.”

Thanks David and James for finding and reporting this issue. And thanks Joost for updating your plugin so fast!

What does the Google Analytics for WordPress plugin do?

Watch the video below…

What should you do now?

If you’re using an earlier version of the Google Analytics for WordPress plugin (pre-4.1.3), update this plugin immediately. You can upgrade from your WordPress Dashboard (wp-admin) or download the lastest version here. You can also find out more by visiting Yoast.com.

Leave Your Feedback

Do you use this plugin? If so, how do you like it? Was your WordPress blog affected by any weird links and/or codes in your comments and using this plugin before the update?

Securely yours,

Regina Smola
Regina Smola
WordPress Security Expert
Follow me on Twitter
Follow WPSecurityLock on Twitter
Become a Facebook Fan

Comments

    • says

      Hi Wayne,

      That plugin has a different developer. I checked the changelog and don’t see any mention of security fixes in version 6.2. Just to be save, make sure you’re using the latest version.

      Hope that helps,

      ~ Regina

  1. Wayne Harriman says

    OK thanks, I am using v. 6.2 so hopefully I’m OK! Thanks for keeping us up to date on all these vunerabilities and fixes!

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

CommentLuv badge