The WordPress Performance Team has released an experimental plugin that increases the perceived loading speed of web pages without the performance issues and accessibility tradeoffs associated with Single Page Applications (SPAs). The announcement was made by Felix Arntz, a member of the WordPress Performance Team and a Google software engineer. Plugins released by the WordPress … Read more
A WordPress plugin that automatically posts content scraped from other websites has been discovered to contain a critical vulnerability that allows anyone to upload malicious files to affected websites. The severity of the vulnerability is rated at 9.8 on a scale of 1-10. Crawlomatic Multisite Scraper Post Generator Plugin for WordPress The Crawlomatic WordPress plugin … Read more
One of the scariest things that can occur with a WordPress user is that you install a plugin, and upon activation, you get a white screen of death. This screen, where your beautifully crafted website once lived, is now plain white or produces a line or two of unformatted text. A plugin conflict is when … Read more
The Progress Planner WordPress plugin has announced a new integration with Yoast SEO, enabling users to take full advantage of Yoast’s features to maximize website search performance. Progress Planner Plugin Progress Planner is developed by the same people who created Yoast SEO, ensuring that both plugins work perfectly together. The main functionality of the plugin … Read more
WordPress hosting provider Kinsta announced an automated plugin updater that detects and recovers from bad updates by rolling back the plugin to its previous state and preventing downtime from affecting website performance. Failed plugin updates are prevented from going live and publishers are immediately notified. Kinsta shared that a scan of users indicated that the … Read more
A high-severity vulnerability was discovered and patched in the All-in-One WP Migration and Backup plugin, which has over five million installations. The vulnerability requires no user authentication, making it easier for an attacker to compromise a website, but this is mitigated by a restricted attack method. The vulnerability was assigned a severity rating of 7.5 … Read more
The WPForms plugin for WordPress exposes websites to a vulnerability that allows attackers to update subscriptions and issue refunds. This flaw enables attackers to modify data they normally should not have access to. Missing Capability Check The vulnerability is due to a missing capability check in a function within the plugin called wpforms_is_admin_page, which means … Read more
A flaw in a WordPress anti-spam plugin with over 200,000 installations allows rogue plugins to be installed on affected websites. Security researchers rated the vulnerability 9.8 out of 10, reflecting the high level of severity determined by security researchers. Screenshot Of CleanTalk Vulnerability Severity Rating CleanTalk Anti-Spam WordPress Plugin Vulnerability A highly rated anti-spam firewall … Read more
Automattic cloned WP Engine’s paid ACF Premium plugin and is distributing it for free. Many in the WordPress community disapprove of this action, expressing concerns that it undermines the plugin and theme ecosystem. Advanced Custom Fields Plugin Advanced Custom Fields (ACF) is a WordPress plugin that’s popular with WordPress website developers because it enables them … Read more
The co-founders of Yoast have launched a plugin that helps users plan tasks, defeat procrastination, and remove distractions, making it easier to achieve success. This plugin simplifies managing critical tasks like maintaining website health, publishing posts, and updating content. Why This Plugin Helps Users Become Successful A reason why some websites fail to achieve all … Read more
A critical vulnerability was discovered in the WPML WordPress plugin, affecting over a million installations. The vulnerability allows an authenticated attacker to perform remote code execution, potentially leading to a total site takeover. It is listed as rated 9.9 out of 10 by the Common Vulnerabilities and Exposures (CVE) organization. WPML Plugin Vulnerability The plugin … Read more
Up to 5 million installations of the LiteSpeed Cache WordPress plugin are vulnerable to an exploit that allows hackers to gain administrator rights and upload malicious files and plugins The vulnerability was first reported to Patchstack, a WordPress security company, which notified the plugin developer and waited until the vulnerability was patched before making a … Read more
The U.S. National Vulnerability Database (NVD) and Wordfence published a security advisory of a high severity Cross Site Request Forgery (CSRF) vulnerability affecting the Nested Pages WordPress plugin affecting up to +100,000 installations. The vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 8.8 on a scale of 1 – 10, with ten representing … Read more
WordPress announced over the weekend that they were pausing plugin updates and initiating a force reset on plugin author passwords in order to prevent additional website compromises due to the ongoing Supply Chain Attack on WordPress plugins. Supply Chain Attack Hackers have been attacking plugins directly at the source using password credentials exposed in previous … Read more
WordPress plugins continue to be under attack by hackers using stolen credentials (from other data breaches) to gain direct access to plugin code. What makes these attacks of particular concern is that these supply chain attacks can sneak in because the compromise appears to users as plugins with a normal update. Supply Chain Attack The … Read more
Wix announced a new Figma Plugin that enables designers to import Figma designs directly into Wix Studio and dramatically speed up site creation from the design stage to a functioning website. Figma Design Tool Figma is a SaaS (software as a service) collaborative design tool that allows designers, teams and clients to prototype designs, in … Read more
Joost de Valk, the creator of Yoast SEO plugin, has created a new (and free) plugin for solving a site architecture problem that can silently diminish a website’s ability to rank. Site Architecture Site architecture is an important SEO factor because a well-organized website with clear navigation helps users quickly get to the content and … Read more
WP Rocket, the WordPress page speed performance plugin, just announced the release of a new version that will help publishers optimize for Largest Contentful Paint (LCP), an important Core Web Vitals metric. Large Contentful Paint (LCP) LCP is a page speed metric that’s designed to show how fast it takes for a user to perceive … Read more
