The Cwicly WordPress website builder toolkit announced that they are shutting down by the end of the year and refunding all 2024 clients. The decision forced developers to halt current projects and begin the process of migrating client websites to other WordPress site builder platforms. It is an unexpected end to what was regarded as … Read more
Bricks Visual Site Builder for WordPress recently patched a critical severity vulnerability rated 9.8/10 which is actively being exploited right now. Bricks Builder Bricks Builder is a popular WordPress development theme that makes it easy to create attractive and fast performing websites in hours that would costs up to $20,000 of development time to do … Read more
WordPress released the results of their annual user and developer survey which showed mixed feelings about the direction the software is going and an increasing sense of not being welcome in the overall WordPress community. The Gutenberg Editor Gutenberg is the modernized version of the the default site editor which brings the paradigm of a … Read more
A significant vulnerability has been patched in the Website Builder by SeedProd that has over 900,000 installations. This vulnerability, present in versions up to and including 6.15.21, poses a risk for unauthorized data modification on WordPress sites. Vulnerability Details: Missing Capability Check The vulnerability that was discovered is called a missing capability check within the … Read more
WordPress announced a security release version 6.4.3 as a response to two vulnerabilities discovered in WordPress plus 21 bug fixes. PHP File Upload Bypass The first patch is for a PHP File Upload Bypass Via Plugin Installer vulnerability. It’s a flaw in WordPress that allows an attacker to upload PHP files via the plugin and … Read more
A critical severity vulnerability was discovered and patched in the Better Search Replace plugin for WordPress which has over 1 million active website installs. Successful attacks could lead to arbitrary file deletions, sensitive data retrieval and code execution. Severity Level Of Vulnerability The severity of vulnerabilities are scored on a point system with ratings described … Read more
A significant security vulnerability has been identified and patched in the widely used File Manager plugin for WordPress, affecting over 1 million websites. The vulnerability is rated 8.1 out of 10 in severity and could potentially allow unauthenticated attackers to gain access to sensitive information including data contained in site backups. Unauthenticated Attack Vulnerabilities What … Read more
A popular WordPress plugin for privacy compliance with over 800,000 installations recently patched a stored XSS vulnerability that could allow an attacker to upload malicious scripts for launching attacks against site visitors. Complianz | GDPR/CCPA Cookie Consent WordPress Plugin The Complianz plugin for WordPress is a powerful tool that helps website owners comply with privacy … Read more
In 2023, the WordPress community witnessed a significant milestone in website performance, with Core Web Vitals (CWV) showing significant improvements for both mobile and desktop users. This article delves into the specifics of these improvements, exploring their implications and the evolving landscape of web performance within the WordPress ecosystem. What Are Core Web Vitals? Core … Read more
Astra Starter Templates by Brainstorm Force, with over one million active installations, announced the integration of the ZipWP AI website builder that enables users to create entire websites, including content and images. With over 280 customizable website templates that helps users quickly create professional-looking websites, it’s one of the most popular templates in the world … Read more
WordPress has released version 6.4.2 that contains a patch for a critical severity vulnerability that could allow attackers to execute PHP code on the site and potentially lead to a full site takeover. The vulnerability was traced back to a feature introduced in WordPress 6.4 that was meant to improve HTML parsing in the block … Read more
Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server. MW WP Form Plugin The MW … Read more
Accelerated Mobile Pages WordPress plugin, with over 100,000 installations, patched a medium severity vulnerability that could allow an attacker to inject malicious scripts to be executed by website visitors. Cross-Site Scripting Via Shortcode A cross-site scripting (XSS) is one of the most frequent kind of vulnerability. In the context of WordPress plugins, XSS vulnerabilities happen … Read more
WordPress released a maintenance release on Wednesday evening to fix problems discovered shortly after WordPress 6.4 was released to the public on Tuesday November 7th. Two of issues were somewhat serious in that they affected the operation of certain plugins and could cause issues for sites encountering either of the two problems. The third one … Read more
WordPress 6.4, code named Shirley was released, featuring a new default theme with many incremental but important enhancements that taken together make WordPress an easier and more intuitive content management system. Josepha Haden Chomphosy, Executive Director of WordPress, described WordPress 6.4 best. She wrote: “Many of the features and enhancements in WordPress 6.4 fall in … Read more
Astra, the makers of the worlds most popular WordPress templates, announced it is investing in LatePoint, one of the most advanced online booking solutions and in the process is advancing WordPress as the go-to platform for businesses. This move brings the powerful scheduling, booking and payment management capabilities of LatePoint to all users, especially those … Read more
The popular Fluent Forms Contact Form Builder plugin for WordPress, with over 300,000 installations, was discovered to contain a SQL Injection vulnerability that could allow database access to hackers. Fluent Forms Contact Form Builder Fluent Forms Contact Form Builder is one of the most popular contact forms for WordPress, with over 300,000 installations. Its drag-and-drop … Read more
The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts. LiteSpeed was notified of the vulnerability two months ago on August 14th and released a patch in October. Cross-Site Scripting (XSS) Vulnerability Wordfence discovered a Cross-Site Scripting (XSS) vulnerability in the LiteSpeed plugin, the most … Read more
