A great number of WordPress plugins (including many popular plugins with over millions of downloads) have been reported with vulnerability issues due to the misuse of the add_query_arg() and remove_query_arg() functions. These plugins include:
- Jetpack
- WordPress SEO
- Google Analytics by Yoast
- All in One SEO Pack
- Gravity Forms
- UpdraftPlus
- WP e-Commerce
- WP Touch
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Give
- Broken Link Checker
- Ninja Forms
As the problematic functions are very popular (functions used by developers to modify and add query strings to URLs within WordPress websites), there is a great chance that some other problematic plugins are not listed above. We strongly recommend that all WordPress users perform a full site backup and update the plugins ASAP. To learn more details about the vulnerability issues, please visit this blog article from Sucuri, the online website scanning firm.