Google Analytics for WordPress Plugin Vulnerability Fixed

The Google Analytics for WordPress plugin was found to have an XSS (cross-site scripting) vulnerability if the "track outbound clicks" option was selected.

This issue was found by David Whitehouse and James Slater of DavidNaylor.co.uk, who notified the developer right away. The developer, Joost de Valk, took immediate action and got this security issue fixed.

On July 20, 2011, this plugin was updated in the WordPress.org Plugin Repository to version 4.1.3 and is available for immediate download.

Google Analytics for WordPress Plugin Changelog:

Version 4.1.3 — Security fix: badly crafted comments could lead to insertion of "weird" links into comments. They'd have to pass your moderation, but still... Immediate update advised.

If you're using Google Analytics for WordPress plugin version 4.1.2 or earlier, you are advised to update this plugin immediately!

To find out more about this security issue, please read "Update Yoast's Google Analytics for WordPress Plugin V4.1.3 — XSS Scripting Vulnerability Fixed."

Thanks David and James for finding and reporting this issue. And thanks Joost for updating your plugin so fast!

What should you do now?

If you're using an earlier version of the Google Analytics for WordPress plugin (pre-4.1.3), update this plugin immediately. You can upgrade from your WordPress Dashboard (wp-admin) or download the latest version here. You can also find out more by visiting Yoast.com.

Leave Your Feedback

Do you use this plugin? If so, how do you like it? Was your WordPress blog affected by any weird links and/or code in your comments while you were using this plugin before the update?

Securely yours,

Regina Smola
WordPress Security Expert

Comments

  1. Regina, I'm using Google Analyticator (http://wordpress.org/extend/plugins/google-analyticator/), do you know if that vulnerability also affects this plug-in? I can find no mention of it if it does. Thanks!

    • Hi Wayne,

      That plugin has a different developer. I checked the changelog and don't see any mention of security fixes in version 6.2. Just to be safe, make sure you're using the latest version.

      Hope that helps,

      ~ Regina

  2. OK thanks, I am using v. 6.2 so hopefully I'm OK! Thanks for keeping us up to date on all these vulnerabilities and fixes!
