Fraud Blocker Urgent Alert: Critical XSS Vulnerability in WP Adminify Plugin that impact 3 Million sites

Critical XSS Vulnerability Discovered in Popular WP Adminify Plugin


The recent discovery of a critical cross-site scripting (XSS) vulnerability in versions 3.1.6 and below of the popular WP Adminify plugin is extremely concerning for WordPress site owners. This vulnerability, if exploited, could allow attackers to inject malicious JavaScript code into admin dashboards and fronts facing sites.

As reported by security researcher Rio Darmawan, this vulnerability stems from insufficient input sanitization in the plugin code. Site admins using vulnerable versions of WP Adminify are strongly advised to update or remove the plugin immediately. Unfortunately, at the time of writing, no patched version appears to be available.

For site owners unable to update or remove WP Adminify, extra precautions are required. Enabling a web application firewall (WAF) like's free WordPress firewall plugin can provide an added layer of protection while a patch is developed. A WAF inspects incoming traffic and blocks XSS attempts and other attacks before they reach the site.

With XSS vulnerabilities among the most common and dangerous facing WordPress sites today, we urge users of WP Adminify to take action. Migrate to a safe alternative, or implement temporary mitigations like a WAF. Don't leave your site and data exposed!

Readers can improve their WordPress security posture by signing up for's free WordPress firewall plugin via their pricing page:


wordpress security update banner

Receive WP Security Weekly for Free 👋
Signup Now

Sign up to receive WordPress Security Update in your inbox, every week.

We don’t spam! Read our privacy policy for more info.