WordPress News

WordPress Plug-in Has Critical Zero-Day – Dark Reading

Enterprise Vulnerabilities, from DHS/US-CERT’s National Vulnerability Database:

CVE-2020-1913 (PUBLISHED: 2020-09-09): An Integer signedness error in the JavaScript Interpreter in Facebook Hermes prior to commit 2c7af7ec481ceffd0d14ce2d7c045e475fd71dc6 allows attackers to cause a denial of service attack or a potential RCE via crafted JavaScript. Note that this is only exploitable if the application using Hermes per…

CVE-2020-24379 (PUBLISHED: 2020-09-09): WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.

CVE-2020-24916 (PUBLISHED: 2020-09-09): CGI…

Reflected XSS in WordPress Plugin Admin Pages

The administrative dashboard in WordPress is a pretty safe place: Only elevated users can access it. Exploiting a plugin’s admin panel would serve very little purpose here — an administrator already has the required permissions to do all of the actions a vulnerability could cause. While this is usually true, there are a number of techniques bad actors are using to trick an administrator into performing actions they would not expect, such as Cross Site Request Forgery (CSRF) or Clickjacking attacks. By using these techniques, an attacker can exploit a vulnerability on the behalf of an…

Brandezk Launches Ecommerce Development on Shopify, Magento, and WordPress

NEW YORK, Sept. 07, 2020 (GLOBE NEWSWIRE) — Brandezk, a renowned web design agency, recently announced the introduction of E-commerce development services on its website. The company announced its development services for several platforms, including Shopify, Magento, WordPress, and also announced the development of 100% made-to-order E-commerce stores for clients having custom needs. The company has specialized in providing mobile app development services for years. The recent shift in the company’s modus operandi, as stated by the managing director of the company, was made ‘in…

Millions of WordPress sites are being probed & attacked with recent plugin bug

Millions of WordPress sites have been probed and attacked this week, Defiant, the company behind the Wordfence web firewall, said on Friday. The sudden spike in attacks happened after hackers discovered and started exploiting a zero-day vulnerability in “File Manager,” a popular WordPress plugin installed on more than 700,000 sites. The zero-day was an unauthenticated file upload vulnerability[1, 2] that allowed an attacker to upload malicious files on a site running an older version of the File Manager plugin. It’s unclear how…

WordPress Support Team Seeks to Curb Support Requests for Commercial Plugins and Themes – WordPress Tavern

WordPress’ Support Team contributors are discussing how they can curb support requests for commercial products on the official WordPress.org forums. Users sometimes seek help for commercial product upgrades on the forums of the free version, not knowing that the moderators’ official policy is to refer them to the extension’s commercial support channel. In other instances, it is not immediately clear whether the issue is with the free version or a paid upgrade that the user has installed. “This has come up a few times the past weeks, mostly in relation to plugins that…

Gutenberg 8.9 Brings Block-Based Widgets Out of the Experimental Stage – WordPress Tavern

On Wednesday, September 2, Gutenberg 8.9 launched with a set of new features, enhancements, and several bug fixes. The development team took the block-based widgets system out of its experimental stage, making it the default experience for all plugin users. Block-based widgets have taken months upon months of work. The team has surpassed some of my expectations by essentially sticking a square peg into a square hole, granting the power of blocks to the sidebars/widgets system. On the whole, the system works. However, the team still has a lot of work to mold this feature into the…

Benefits of WordPress – Business 2 Community

So, you’re looking for a Content Management System (CMS) for your website? Well, you’re in luck because there are so many options to choose from. You’re probably thinking, how can I possibly choose which one to use when they’re all telling me why their CMS is the best choice? Begin by asking yourself the following questions: What’s going to be the best option for my website? Do I play the short game or do I look at the long term? What about ease of use? Will I be able to make changes myself or am I going to have to hire to get everything done? Will I be able to create my website…

WordPress Gets a Name, Joomla Is Feature-Complete & More Open Source CMS News

WordPress announced that the new version of its CMS, WordPress 5.5, will now be called Eckstine in honor of Billy Eckstine, one of the most renowned jazz singers in the US. The update aims at improving the CMS in three areas: speed, security and search. Among its features, WordPress 5.5 now makes faster page loading possible thanks to a concept known as “lazy loading.” At the same time, the new version also helps the overall website SEO by including an improved XML sitemap that enables search engines to discover websites quicker. Also, with 5.5, users can now set…
