A significant security vulnerability has been identified and patched in the widely used File Manager plugin for WordPress, affecting over 1 million websites. The vulnerability is rated 8.1 out of 10 in severity and could potentially allow unauthenticated attackers to gain access to sensitive information including data contained in site backups. Unauthenticated Attack Vulnerabilities What … Read more
A popular WordPress plugin for privacy compliance with over 800,000 installations recently patched a stored XSS vulnerability that could allow an attacker to upload malicious scripts for launching attacks against site visitors. Complianz | GDPR/CCPA Cookie Consent WordPress Plugin The Complianz plugin for WordPress is a powerful tool that helps website owners comply with privacy … Read more
In 2023, the WordPress community witnessed a significant milestone in website performance, with Core Web Vitals (CWV) showing significant improvements for both mobile and desktop users. This article delves into the specifics of these improvements, exploring their implications and the evolving landscape of web performance within the WordPress ecosystem. What Are Core Web Vitals? Core … Read more
Astra Starter Templates by Brainstorm Force, with over one million active installations, announced the integration of the ZipWP AI website builder that enables users to create entire websites, including content and images. With over 280 customizable website templates that helps users quickly create professional-looking websites, it’s one of the most popular templates in the world … Read more
WordPress has released version 6.4.2 that contains a patch for a critical severity vulnerability that could allow attackers to execute PHP code on the site and potentially lead to a full site takeover. The vulnerability was traced back to a feature introduced in WordPress 6.4 that was meant to improve HTML parsing in the block … Read more
Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server. MW WP Form Plugin The MW … Read more
Accelerated Mobile Pages WordPress plugin, with over 100,000 installations, patched a medium severity vulnerability that could allow an attacker to inject malicious scripts to be executed by website visitors. Cross-Site Scripting Via Shortcode A cross-site scripting (XSS) is one of the most frequent kind of vulnerability. In the context of WordPress plugins, XSS vulnerabilities happen … Read more
WordPress released a maintenance release on Wednesday evening to fix problems discovered shortly after WordPress 6.4 was released to the public on Tuesday November 7th. Two of issues were somewhat serious in that they affected the operation of certain plugins and could cause issues for sites encountering either of the two problems. The third one … Read more
WordPress 6.4, code named Shirley was released, featuring a new default theme with many incremental but important enhancements that taken together make WordPress an easier and more intuitive content management system. Josepha Haden Chomphosy, Executive Director of WordPress, described WordPress 6.4 best. She wrote: “Many of the features and enhancements in WordPress 6.4 fall in … Read more
Astra, the makers of the worlds most popular WordPress templates, announced it is investing in LatePoint, one of the most advanced online booking solutions and in the process is advancing WordPress as the go-to platform for businesses. This move brings the powerful scheduling, booking and payment management capabilities of LatePoint to all users, especially those … Read more
The popular Fluent Forms Contact Form Builder plugin for WordPress, with over 300,000 installations, was discovered to contain a SQL Injection vulnerability that could allow database access to hackers. Fluent Forms Contact Form Builder Fluent Forms Contact Form Builder is one of the most popular contact forms for WordPress, with over 300,000 installations. Its drag-and-drop … Read more
The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts. LiteSpeed was notified of the vulnerability two months ago on August 14th and released a patch in October. Cross-Site Scripting (XSS) Vulnerability Wordfence discovered a Cross-Site Scripting (XSS) vulnerability in the LiteSpeed plugin, the most … Read more
Kinsta announced free hosting for up to 100 static websites, including static WordPress sites, and 100 GB bandwidth per month Free hosting offered by Kinsta for static websites, including static WordPress sites 100 GB bandwidth per month per company 1 GB build image size per site Free tier will remain free “forever” according to Kinsta … Read more
WordPress 6.4, releasing on November 7th, is packed with over 100 improvements to site performance which promises to make this release one of the most important ones to get right away. This new release continues the solid upward performance trend which to date has nearly doubled the average core web vitals performance in the two … Read more
Jetpack WordPress plugin by Automattic released an updated version that expands on AI-based features and the ability to earn more from email subscriptions. Jetpack WordPress Plugin 12.7 Jetpack is a modular all-in-one plugin that brings virtually every important functionality that a website or business may need. Because it’s modular a user only needs to select … Read more
WordPress announced it was publishing a maintenance and security release that patches multiple vulnerabilities including one that could lead to a full site takeover. Maintenance and Security Release WordPress 6.3.2 WordPress 6.3.2 delivers 41 bug fixes but more importantly it ships with patches for eight vulnerabilities. The following eight vulnerabilities were recently discovered and patched: … Read more
The opportunity to tell WordPress what you need out of the CMS only comes around once a year. This year, WordPress wants to hear from SEO professionals, affiliates, recipe bloggers, small business owners, advertisers and others who depend on WordPress. What Is The 2023 WordPress Survey? The people who build WordPress conduct an annual survey … Read more
A full-time sponsored contributor to WordPress discussed how publishers and members of the search marketing community can influence WordPress so that it’s more useful for all the things they want it to do. The person I spoke with was Naoko Takano, a full-time sponsored WordPress contributor whose focus is on contributor experience improvement. She has … Read more
