Yearly Archives: 2022

WordPress 5.9 “Josephine” Released, Introduces Full Site Editing and New Twenty Twenty-Two Default Theme – WP Tavern

After a short delay, WordPress 5.9 “Josephine” has finally arrived with the long-awaited full-site editing features that give users more control over site design and page templates.

This release is named for American-born jazz singer Joséphine Baker, who found success on Broadway before moving to Europe and becoming very popular in France. She frequently made her way back to the US in the 1950s to advocate for the Civil Rights Movement, participating in demonstrations and boycotting segregated venues.

For many years, non-technical WordPress users were told to stay away from…

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover – Threatpost

A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users.

The WordPress content management system (CMS) is offering admins more headaches this week, thanks to a pair of disparate but concerning security problems in add-ons for the platform.

The first issue affects the WordPress AdSanity plugin. It’s a critical security vulnerability that could allow remote code execution (RCE) and full site takeovers.

The second problem concerns a…

WordPress.org Gets New Global Header and Footer Design – WP Tavern

If you happened to be browsing WordPress.org on Sunday, you might have been in for a shock. The website got a bit of an upgrade. A partial one, at least, as developers implemented a new global header and footer across the site. This is the first stage of a longer-term overhaul of the site’s front end.

Global header and footer sections on WordPress.org.

Not everyone was ecstatic about the change, and there were at least some mobile-related issues. Some visitors could not close an open nav menu when browsing with mobile Safari, but that issue has since been addressed.

Others,…

WordPress Community Team Updates COVID-19 Safety Guidelines to Relieve Volunteers of Enforcement Burden – WP Tavern

Earlier this month the WordPress Community Team proposed stricter guidelines for hosting in-person events, as the pandemic continues to warrant vigilance and a nimble approach to ensuring attendees’ safety. The updated guidelines were published today with an important change that relieves volunteers of the burden of enforcing the safety measures.

The new mandatory guidelines require meetup and WordCamp organizers to follow local laws for events with more than 50 attendees. If the location requires or permits venues to limit admission based on vaccination status and masking, the…

Outdated WordPress Plug-ins, Themes Distribute Backdoors For Potential Supply Chain Attack, Jetpack Says

WordPress themes and plug-ins have become the latest target of attackers, according to Jetpack. If you are using older versions of these add-ons, your system might be compromised through their backdoors without your noticing.

JetPack Spots WordPress Backdoors

According to a report by PC Mag, the cybersecurity team JetPack spotted some problems…

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system.

The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from JetPack, the maker of security…

20K WordPress Sites Exposed by Insecure Plugin REST-API – Threatpost

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS.

More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails.

The new vulnerability (CVE-2022-0218, CVSS score 8.3) was found by Wordfence researcher Chloe…

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack planted a backdoor in 93 WordPress themes and plugins, giving threat actors full access to websites.

In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites.

The attack was discovered by researchers at Jetpack, the creators of a security and optimization tool for WordPress sites, who found that a PHP backdoor had been added to the themes and plugins.

Jetpack believes an external threat actor breached the AccessPress website to compromise the…

4 Top-Rated WordPress Designers Share Web Design Tips for 2022 [DesignRush QuickSights] | News

NEW YORK, Jan. 21, 2022 /PRNewswire-PRWeb/ — WordPress currently powers 38% of the entire Internet and owns over 64% of the CMS market. The popularity of WordPress boils down to its intuitive UI, integration capabilities and scalability that makes it suitable for businesses of all sizes and profiles.

DesignRush, a B2B marketplace connecting brands with agencies, leveraged its 11,000-agencies-strong network for quick insights – or “QuickSights” – on…
