Wordpress News

PHP Everywhere Bugs Put 30K+ WordPress Sites at Risk of RCE – Threatpost

The plug-in’s default settings spawned flaws that could allow for full site takeover but have since been fixed in an update that users should immediately install, Wordfence researchers said. Tens of thousands of WordPress sites are at risk from critical vulnerabilities in a widely used plug-in that facilitates the use of PHP code on a site. One of the bugs allows any authenticated user of any level – even subscribers and customers – to execute code that can completely take… More Info

Read More »

Critical Code Execution Flaws Patched in ‘PHP Everywhere’ WordPress Plugin

Thousands of WordPress websites were impacted by three remote code execution vulnerabilities that were identified in the PHP Everywhere plugin, the Wordfence team at WordPress security company Defiant warns. With more than 30,000 downloads, the PHP Everywhere plugin is an open-source plugin designed to enable PHP code everywhere in the WordPress installation. The latest PHP Everywhere iteration was released last month with patches for three critical vulnerabilities (CVSS score of 9.9) that could allow users with low privileges to execute code on the WordPress sites that use the plugin.

Read More »

Critical RCE Flaws in ‘PHP Everywhere’ Plugin Affect Thousands of WordPress Sites

Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that’s used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems. PHP Everywhere is used to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management system’s Pages, Posts, and Sidebar. The three issues, all rated 9.9 out of a maximum of 10 on the CVSS rating system, impact versions 2.0.3 and below, and are as follows – CVE-2022-24663 – Remote… More Info

Read More »

Top 10 Security Tips to Keep Your WordPress Site Healthy

As we go through the winter months and whether changes, many of us go to our local pharmacy and take advantage of a flu shot. We do this because maybe we have had the flu before and the second of pain from the jab is nothing in comparison to the hours and days of sickness from catching the flu bug.  As everyone’s grandparents tell them, “An ounce of prevention is worth a pound of cure.” Keeping strong cyber security hygiene to prevent hacks saves you from expensive remediation costs, compromised data and a weakened WordPress immune system. Did you know that breached sites are more… More Info

Read More »

PHP Everywhere RCE flaws threaten thousands of WordPress sites

Researchers found three critical remote code execution (RCE) vulnerabilities in the ‘PHP Everywhere’ plugin for WordPress, used by over 30,000 websites worldwide. PHP Everywhere is a plugin that allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, and use it to display dynamic content based on evaluated PHP expressions. Three RCE flaws The three vulnerabilities were discovered by security analysts at Wordfence and can be exploited by contributors or subscribers, affecting all WordPress versions from 2.0.3 and below. Here’s a short description… More Info

Read More »

The ultimate guide to the WordPress database

At its core, WordPress is a CMS (Content Management System). To manage content, it needs to be able to store it. WordPress does this through folders and files, and a database. We have previously covered the WordPress filesystem in a separate article; we will focus on the database this time around. In this article, we will be looking at the WordPress database, its structure, and how each field works. We have also included a brief history lesson on MySQL. Hint – The My in MySQL does not mean it’s yours; My is an actual person, but who? – Continue reading to find out. Table of… More Info

Read More »

Convesio looks to develop its scalable WordPress hosting platform after securing $5m – Business Leader

Scaleable WordPress hosting platform Convesio has secured $5m in funding, which the company plans to use to accelerate development of its unique container-based solution and continue to disrupt a market that is slow to innovate. Convesio is the only WordPress hosting provider to have productized scaling. Anyone can deploy a highly-scalable WordPress website in minutes, and not hours or days, which is the typical timeframe of a traditional VPS setup. The round of funding was secured from a select group of private investors, some of whom had originally contributed to Convesio’s… More Info

Read More »

Aprimo Launches New Digital Experience Platform Powered by WordPress VIP

CHICAGO, Feb. 8, 2022 /PRNewswire/ — Aprimo, an industry-leading provider of digital asset management and work management solutions, today announced a brand refresh that includes an all-new digital experience platform (DXP). The platform integrates the company’s content operations platform with a best-in-class content management system and content analytics, bringing bolder brand experiences to market and the intelligence to marketers to better understand content performance and value. The new aprimo.com is an innovative, unified marketing technology stack developed by Aprimo and… More Info

Read More »

Creating Slides With the Carousel Slider Block WordPress Plugin – WP Tavern

Over the weekend, Virgiliu Diaconu asked me to check out his Carousel Slider Block plugin, a project he has maintained for three years. It has slowly garnered more than 5,000 active installs since its release. I get emails like this every day. More often than not, the projects are fundamentally broken or are a bit too spammy for my taste. Like so many others, I ask myself, Could this be one of those diamonds in the rough? I am always optimistic enough to hold out the tiniest sliver of hope. I should preface this review by saying that I have a general dislike of sliders and… More Info

Read More »

Five reasons why WordPress is perfect to build a membership website

Launched almost two decades ago, WordPress now powers more than 37% of all websites across the world and at a strong 62%, it holds the title of the world’s most popular content management system (CMS). Originally created as a personal blog-publishing system by Mike Little and Matt Mullenweg, WordPress has since evolved to a full-fledged CMS built on PHP and MySQL with an aGPLv2 license, and it can cover any kind of site you can think of. Being a free and open-source CMS, WordPress is supported by its contributing community of dedicated developers, web designers, and all sorts of content… More Info

Read More »