iThemes have released an important security fix for their iThemes Security Plugin.

This release fixes an XSS issue, which allowed potentially dangerous JavaScript to be executed while viewing the iThemes Security 404 error logs.

iThemes have backported the security fix to past versions, releasing a patched version of every minor version dating back to 3.2.

In order to protect your site, we recommend that you check if your site is running a vulnerable version of iThemes Security, and upgrade it immediately to a safe version. You can do so from the “Updates” page in your WordPress dashboard.

We have attempted to push an update to all websites on VaultPress, upgrading them to the safe release of the minor version they were already using. However, we were unable to update some websites due to permission issues.

We have emailed all VaultPress customers whose sites have not been successfully updated.

As always, if you have any questions or need help, drop us a message!