Are you using Bootstrap powered theme or plugin? If yes, then Consider updating the Bootstrap version to the latest 4.3.1 and 3.4.1 version.
Previous versions (4.3 and 3.4) were reported to have XSS vulnerability (CVE-2019-8331) that affects tooltip and popover plugin usability, compromising on website’s security.
As approx 16% of the web uses Bootstrap for WordPress themes and plugins, it’s crucial to update the developers and website owners about the recent vulnerability and website security loopholes.
Bootstrap 4.3.1 & 3.4.1 released
“Earlier this week a developer reported an XSS issue similar to the data-target vulnerability that was fixed in v4.1.2 and v3.4.0: the data-template attribute for our tooltip and popover plugins lacked proper XSS sanitization of the HTML that can be passed into the attribute’s value.” – reported in the official blog post.
The moment this security loophole was exposed by the Bootstrap Drupal project and development team, officials took no time in releasing patches 4.3.1 and 3.4.1 on 15th Feb 2019, fixing the bug.
The patched Bootstrap versions 4.3.1 and 3.4.1 allow only whitelisted HTML elements in the data attribute. Thanks to the new JS sanitizer that can be modified and customized.
Earlier this week, we reported a critical bug in a popular social sharing plugin which could take down an entire WP site.
What to do?
If you’re using a Bootstrap powered plugin or theme then it’s critical to ask their developers to work on the latest candidate and release an update, ASAP!
To keep things on the safer side, we recommend using any of these best WordPress security plugins.
Comment below the affected plugin or theme name you’re using. Do share this info within your WordPress community.