• Resolved Rado

    (@jeriksson)


    Hi,

    I have many sites probably affected by this security flaw. I’m wondering: as a quick fix, will locking down /wp-admin/ with htaccess to a specific IP address fix the security flaw temporarily, buying me more time to patch things?

    Thank you.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Tim Nash

    (@tnash)

    Spam hunter

    No, the quick fix is to update your plugins and, if you haven’t already done so, update to WordPress 4.2.

    If your sites were set to auto-update a lot of the work will have been done for you.

    Thread Starter Rado

    (@jeriksson)

    So it’s still exploitable even though the admin section is unreachable? Terrible news for me then, I gotta patch a lot of stuff; all sites are not ready to just throw on top of 4.2.

    Thanks for the info though.

    Moderator Samuel Wood (Otto)

    (@otto42)

    WordPress.org Admin

    There is no exploit in add_query_arg specifically; it comes down to a matter of how many plugins were using it, sometimes incorrectly. Whether any given case is actually exploitable or not depends on how they were using it, and in what context.

    So there’s no quick fix or definitive answer for this one. Update any plugins that need to be updated, and you’ll be fine. Many of the fixed issues were not actually exploitable or extremely difficult to exploit. A large number of the fixes were of the just-in-case kind of nature. Nevertheless, keep your plugins up to date, and you’ll have no issues.

    WordPress 4.2 did not contain any fixes specific to the add_query_arg issue in plugins.


The topic ‘add_query_arg() security flaw questions’ is closed to new replies.
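
For anyone triaging many sites as the thread starter describes, here is an added example (not code from this thread or from WordPress) of a heuristic audit that lists `add_query_arg()` / `remove_query_arg()` calls in plugin PHP source that are not wrapped in a URL-escaping function. It assumes the usual WordPress convention that the result should pass through `esc_url()` or `esc_url_raw()`, which the thread itself does not spell out; the function name `unescaped_calls` and the sample snippet are constructed for illustration.

```python
import re

# Helpers named in the thread's topic; both return an unescaped URL.
TARGETS = {"add_query_arg", "remove_query_arg"}
# Assumption: these WordPress escapers are what a safe call is wrapped in.
ESCAPERS = {"esc_url", "esc_url_raw"}

# Tokenizer: skip strings and comments, track call nesting via parentheses.
TOKEN = re.compile(
    r"""'(?:\\.|[^'\\])*'               # single-quoted string
      | "(?:\\.|[^"\\])*"               # double-quoted string
      | //[^\n]*|\#[^\n]*|/\*.*?\*/     # PHP comments
      | (?P<call>[A-Za-z_]\w*)\s*\(     # name followed by an opening paren
      | (?P<open>\()
      | (?P<close>\))
    """, re.X | re.S)

def unescaped_calls(php_source):
    """Return (line, function) for each target call not nested in an escaper."""
    stack, findings = [], []
    for m in TOKEN.finditer(php_source):
        if m.group("call"):
            name = m.group("call")
            if name in TARGETS and not ESCAPERS & set(stack):
                line = php_source.count("\n", 0, m.start()) + 1
                findings.append((line, name))
            stack.append(name)          # remember which call we are inside
        elif m.group("open"):
            stack.append(None)          # plain grouping parenthesis
        elif m.group("close") and stack:
            stack.pop()
    return findings

# Constructed plugin snippet: lines 3 and 5 are unescaped, 4 and 6 are wrapped.
SAMPLE = r'''<?php
// constructed plugin snippet for illustration
echo '<a href="' . add_query_arg( 'page', 2 ) . '">Next</a>';
echo '<a href="' . esc_url( add_query_arg( 'page', 2 ) ) . '">Next</a>';
wp_redirect( remove_query_arg( 'msg' ) );
wp_redirect( esc_url_raw( remove_query_arg( array( 'msg', 'id' ) ) ) );
'''

if __name__ == "__main__":
    for line, name in unescaped_calls(SAMPLE):
        print(f"line {line}: {name}() result is not passed through an escaper")
```

A hit is a lead for manual review, not proof of an exploitable bug: the result may be escaped later through a variable, which this scan cannot see.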