Fraud Blocker Urgent Alert: Critical XSS Vulnerability in WP Adminify Plugin that impact 3 Million sites

流行的 WP Adminify 插件中发现严重 XSS 漏洞


The recent discovery of a critical cross-site scripting (XSS) vulnerability in versions 3.1.6 and below of the popular WP Adminify plugin is extremely concerning for WordPress site owners. This vulnerability, if exploited, could allow attackers to inject malicious JavaScript code into admin dashboards and fronts facing sites.

As reported by security researcher Rio Darmawan, this vulnerability stems from insufficient input sanitization in the plugin code. Site admins using vulnerable versions of WP Adminify are strongly advised to update or remove the plugin immediately. Unfortunately, at the time of writing, no patched version appears to be available.

For site owners unable to update or remove WP Adminify, extra precautions are required. Enabling a web application firewall (WAF) like's free WordPress firewall plugin can provide an added layer of protection while a patch is developed. A WAF inspects incoming traffic and blocks XSS attempts and other attacks before they reach the site.

With XSS vulnerabilities among the most common and dangerous facing WordPress sites today, we urge users of WP Adminify to take action. Migrate to a safe alternative, or implement temporary mitigations like a WAF. Don't leave your site and data exposed!

Readers can improve their WordPress security posture by signing up for's free WordPress firewall plugin via their pricing page:


wordpress security update banner

免费接收 WP 安全周刊 👋

注册以每周在您的收件箱中接收 WordPress 安全更新。

我们不发送垃圾邮件!阅读我们的 隐私政策 了解更多信息。