If you are using elgg 1.7.x or elgg 1.8.x you must upgrade now to the latest elgg version immediately. A new security threat has been discovered and fixed, and I will explain the details about this threat in this article and the solution for it
All elgg versions are now facing the threat of an XSS attack via the Twitter widget, which comes pre-installed in all elgg versions. An XSS attack (Cross-Site Scripting Attack) is one of the top 5 security attacks carried out on a daily basis. An XSS attack could steal sensitive information or store harmful data in our servers.
To prevent this type of attack and any damage to our servers, all elgg users must upgrade to the latest elgg versions available, which are elgg 1.7.17 (for elgg 1.7.x users) and elgg 1.8.13 (for elgg 1.8.x users)
To get the new versions, go here:
Details on how to manually upgrade elgg version:
Note: Elgg 1.8.13 will be available soon in Softaculous
This concludes Warning: Upgrade your elgg Network to Latest Version Now