Fraud Blocker Urgent Alert: Critical XSS Vulnerability in WP Adminify Plugin that impact 3 Million sites

在流行的 WP Adminify 外掛程式中發現嚴重 XSS 漏洞


The recent discovery of a critical cross-site scripting (XSS) vulnerability in versions 3.1.6 and below of the popular WP Adminify plugin is extremely concerning for WordPress site owners. This vulnerability, if exploited, could allow attackers to inject malicious JavaScript code into admin dashboards and fronts facing sites.

As reported by security researcher Rio Darmawan, this vulnerability stems from insufficient input sanitization in the plugin code. Site admins using vulnerable versions of WP Adminify are strongly advised to update or remove the plugin immediately. Unfortunately, at the time of writing, no patched version appears to be available.

For site owners unable to update or remove WP Adminify, extra precautions are required. Enabling a web application firewall (WAF) like's free WordPress firewall plugin can provide an added layer of protection while a patch is developed. A WAF inspects incoming traffic and blocks XSS attempts and other attacks before they reach the site.

With XSS vulnerabilities among the most common and dangerous facing WordPress sites today, we urge users of WP Adminify to take action. Migrate to a safe alternative, or implement temporary mitigations like a WAF. Don't leave your site and data exposed!

Readers can improve their WordPress security posture by signing up for's free WordPress firewall plugin via their pricing page:


wordpress security update banner

免費接收 WP 安全周刊 👋

註冊以每週在您的收件匣中接收 WordPress 安全性更新。

我們不發送垃圾郵件!閱讀我們的 隱私權政策 了解更多。