New LiteSpeed Cache Vulnerability Puts 6 Million Sites at Risk

A New LiteSpeed Cache Vulnerability

Another vulnerability was discovered in the LiteSpeed Cache WordPress plugin—an Unauthenticated Privilege Escalation that could lead to a total site takeover. Unfortunately, updating to the latest version of the plugin may not be enough to resolve the issue. LiteSpeed Cache Plugin The LiteSpeed Cache Plugin is a website performance optimization plugin that has over 6 …

Vulnerabilities In Two WordPress Contact Form Plugins Affect +1.1 Million

Advisories have been issued regarding vulnerabilities discovered in two of the most popular WordPress contact form plugins, potentially affecting over 1.1 million installations. Users are advised to update their plugins to the latest versions. +1 Million WordPress Contact Forms Installations The affected contact form plugins are Ninja Forms (with over 800,000 installations) and Contact Form …

WordPress Insiders Discuss WordPress Stagnation

A recent webinar featuring WordPress executives from Automattic and Elementor, along with developers and Joost de Valk, discussed the stagnation in WordPress growth, exploring the causes and potential solutions. Stagnation Was The Webinar Topic The webinar, “Is WordPress’ Market share Declining? And What Should Product Businesses Do About it?” was a frank discussion about what …

Vulnerabilities in Two ThemeForest WordPress Themes, 500k+ Sold

A vulnerability advisory was issued about two WordPress themes found on ThemeForest that could allow a hacker to delete arbitrary files and inject malicious scripts into a website. Two WordPress Themes Sold On ThemeForest The two WordPress themes with vulnerabilities are sold on ThemeForest and together they have over a half million sales. The two …

WordPress Elementor Widgets Add-On Vulnerability

WordPress Elementor add-on vulnerability

A WordPress plugin add-on for the popular Elementor page builder recently patched a vulnerability affecting over 200,000 installations. The exploit, found in the Jeg Elementor Kit plugin, allows authenticated attackers to upload malicious scripts. Stored Cross-Site Scripting (Stored XSS) The patch fixed an issue that could lead to a Stored Cross-Site Scripting exploit that allows …

WordPress Translation Plugin Vulnerability Affects +1 Million Sites

WPML WordPress plugin vulnerable to remote code execution

A critical vulnerability was discovered in the WPML WordPress plugin, affecting over a million installations. The vulnerability allows an authenticated attacker to perform remote code execution, potentially leading to a total site takeover. It is rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization. WPML Plugin Vulnerability The plugin …

WordPress Cache Plugin Vulnerability Affects +5 Million Websites

Up to 5 million installations of the LiteSpeed Cache WordPress plugin are vulnerable to an exploit that allows hackers to gain administrator rights and upload malicious files and plugins. The vulnerability was first reported to Patchstack, a WordPress security company, which notified the plugin developer and waited until the vulnerability was patched before making a …

Why WordPress 6.6.1 Was Flagged For Trojan Malware

WordPress 6.6.1 Trojan flagged by Windows Defender turns out to be something else

Multiple user reports have surfaced warning that the latest version of WordPress is triggering trojan alerts and at least one person reported that a web host locked down a website because of the file. What really happened turned into a learning experience. Antivirus Flags Trojan In Official WordPress 6.6.1 Download The first report was filed …

How WooCommerce Plans To Boost Developers & Merchants

WooCommerce announces plans that will make developers and merchants very happy

WooCommerce announced their roadmap for the future of WooCommerce, emphasizing two-way communication with the developer ecosystem in order to be responsive to their needs which further the goals of improving the experience for developers, merchants and customers. WooCommerce highlighted seven important areas for innovation and six specific areas that are targeted for enhancements that will …

WordPress Releases 6.6.1 To Fix Fatal Errors In 6.6

WordPress releases 6.6.1 to correct major flaws detected in version 6.6

A week after releasing the troubled version 6.6, WordPress has released another version that fixes seven major issues including two that caused fatal errors (website crashes), another issue that caused security plugins to issue false warnings plus several more that created unwanted UI changes. Fatal Errors In WordPress 6.6 The one issue that got …

WP Engine WordPress Hosting Acquires NitroPack

Managed WordPress Web Host Acquires site performance optimization SaaS company

Managed WordPress web host WP Engine announced that they are acquiring NitroPack, a leading SaaS website performance optimization solution. The acquisition of NitroPack by WP Engine demonstrates their continued focus on improving site performance for clients. NitroPack NitroPack is a relatively pricey but well regarded site performance solution that has for years been known …

WordPress Nested Pages Plugin High Severity Vulnerability

Vulnerability in Nested Pages WordPress plugin

The U.S. National Vulnerability Database (NVD) and Wordfence published a security advisory of a high severity Cross Site Request Forgery (CSRF) vulnerability in the Nested Pages WordPress plugin affecting up to +100,000 installations. The vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 8.8 on a scale of 1 – 10, with ten representing …

WordPress Takes Bite Out Of Plugin Attacks

WordPress Ends Plugin Supply Chain Attacks

WordPress announced over the weekend that they were pausing plugin updates and initiating a force reset on plugin author passwords in order to prevent additional website compromises due to the ongoing Supply Chain Attack on WordPress plugins. Supply Chain Attack Hackers have been attacking plugins directly at the source using password credentials exposed in previous …

WordPress Plugin Supply Chain Attacks Escalate

WordPress plugins continue to be under attack by hackers using stolen credentials (from other data breaches) to gain direct access to plugin code. What makes these attacks of particular concern is that these supply chain attacks can sneak in because the compromise appears to users as plugins with a normal update. Supply Chain Attack The …

Vulnerabilities In WooCommerce And Dokan Pro Plugins

WooCommerce published an advisory about an XSS vulnerability while Wordfence simultaneously advised about a critical vulnerability in a WooCommerce plugin named Dokan Pro. The advisory about Dokan Pro warned that a SQL Injection vulnerability allows unauthenticated attackers to extract sensitive information from a website database. Dokan Pro WordPress Plugin The Dokan Pro plugin allows user …

Automattic For Agencies: A New Way To Monetize WordPress

Automattic, the company behind WordPress.com, Jetpack, WooCommerce and more, have announced a new program to woo Agencies into their ecosystem of products with more ways to earn revenue. This new program could be seen as putting Automattic into direct competition with closed source systems like Wix and Duda but there are clear differences between all …

WordPress Releases Way To Build Sites On A Windows Desktop

Last month WordPress released a way to create or test WordPress sites on the desktop but the app was limited to Apple Mac devices. This month WordPress announces that WordPress Studio is now available for Microsoft Windows. According to WordPress, Microsoft Windows users account for over 25% of WordPress developers. But it’s possible that non-developers …

New WordPress Plugin Solves Site Navigation Problem

Fewer Tags WordPress Plugin

Joost de Valk, the creator of Yoast SEO plugin, has created a new (and free) plugin for solving a site architecture problem that can silently diminish a website’s ability to rank. Site Architecture Site architecture is an important SEO factor because a well-organized website with clear navigation helps users quickly get to the content and …
