Google Analytics for WordPress Plugin Vulnerability Fixed

The Google Analytics for WordPress plugin was found to have a cross-site scripting (XSS) vulnerability if the option to track outbound clicks was selected.

This issue was found by David Whitehouse and James Slater of DavidNaylor.co.uk, who notified the developer right away. The developer, Joost de Valk, took immediate action and got this security issue fixed.

On July 20, 2011, this plugin was updated in the WordPress.org Plugin Repository to version 4.1.3 and is available for immediate download.

Google Analytics for WordPress Plugin Changelog:

Version 4.1.3 — Security fix: badly crafted comments could lead to insertion of "weird" links into comments. They'd have to pass your moderation, but still... Immediate update advised.

If you're using Google Analytics for WordPress plugin version 4.1.2 or earlier, it is advised that you update this plugin immediately!

To find out more about this security issue, please read "Update Yoast's Google Analytics for WordPress Plugin V4.1.3 — XSS Scripting Vulnerability Fixed."

Thanks David and James for finding and reporting this issue. And thanks Joost for updating your plugin so fast!

What should you do now?

If you're using an earlier version of the Google Analytics for WordPress plugin (pre-4.1.3), update this plugin immediately. You can upgrade from your WordPress Dashboard (wp-admin) or download the latest version here. You can also find out more by visiting Yoast.com.

Leave Your Feedback

Do you use this plugin? If so, how do you like it? Was your WordPress blog affected by any weird links and/or code in your comments while using this plugin before the update?

Securely yours,

Regina Smola
WordPress Security Expert

About Regina Smola

Regina is a sought-after WordPress Security Expert, Speaker, Author and owner of WPSecurityLock.com. She has helped thousands of WordPress users tighten security on their WordPress sites and fixed hundreds of hacked WordPress blogs.

Comments

  1. Regina, I'm using Google Analyticator (http://wordpress.org/extend/plugins/google-analyticator/), do you know if that vulnerability also affects this plug-in? I can find no mention of it if it does. Thanks!

    • Hi Wayne,

      That plugin has a different developer. I checked the changelog and don't see any mention of security fixes in version 6.2. Just to be safe, make sure you're using the latest version.

      Hope that helps,

      ~ Regina

  2. OK thanks, I am using v. 6.2 so hopefully I'm OK! Thanks for keeping us up to date on all these vulnerabilities and fixes!
