WordPress News

AdSanity, AccessPress Plugins Open Scads of WordPress Sites to Takeover – Threatpost

A critical security bug and a months-long, ongoing supply-chain attack spell trouble for WordPress users. The WordPress content management system (CMS) is offering admins more headaches this week, thanks to a pair of disparate but concerning security problems in add-ons for the platform. The first issue affects the WordPress AdSanity plugin. It’s a critical security vulnerability that could allow remote code execution (RCE) and full site takeovers. The second problem concerns a…

WordPress.org Gets New Global Header and Footer Design – WP Tavern

If you happened to be browsing WordPress.org on Sunday, you might have been in for a shock. The website got a bit of an upgrade. A partial one, at least, as developers implemented a new global header and footer across the site. This is the first stage of a longer-term overhaul of the site’s front end. Not everyone was ecstatic about the change, and there were at least some mobile-related issues. Some visitors could not close an open nav menu when browsing with mobile Safari, but that issue has since been addressed. Others,…

WordPress Community Team Updates COVID-19 Safety Guidelines to Relieve Volunteers of Enforcement Burden – WP Tavern

Earlier this month the WordPress Community Team proposed stricter guidelines for hosting in-person events, as the pandemic continues to warrant vigilance and a nimble approach to ensuring attendees’ safety. The updated guidelines were published today with an important change that relieves volunteers of the burden of enforcing the safety measures. The new mandatory guidelines require meetup and WordCamp organizers to follow local laws for events with more than 50 attendees. If the location requires or permits venues to limit admission based on vaccination status and masking, the…

Outdated WordPress Plug-ins, Themes Distribute Backdoors For Potential Supply Chain Attack, Jetpack Says

WordPress themes and plug-ins became the latest target of suspicious attackers, according to Jetpack. For those who are using the older versions of these features, there is a possibility that you might compromise your system through their backdoors without your notice. According to a report by PC Mag, the cybersecurity team JetPack spotted some problems…

Supply chain attack used legitimate WordPress add-ons to backdoor sites

Dozens of legitimate WordPress add-ons downloaded from their original sources have been found backdoored through a supply chain attack, researchers said. The backdoor has been found on “quite a few” sites running the open source content management system. The backdoor gave the attackers full administrative control of websites that used at least 93 WordPress plugins and themes downloaded from AccessPress Themes. The backdoor was discovered by security researchers from JetPack, the maker of security…

20K WordPress Sites Exposed by Insecure Plugin REST-API – Threatpost

The WordPress WP HTML Mail plugin for personalized emails is vulnerable to code injection and phishing due to XSS. More than 20,000 WordPress sites are vulnerable to malicious code injection, phishing scams and more as the result of a high-severity cross-site scripting (XSS) bug discovered in the WordPress Email Template Designer – WP HTML Mail, a plugin for designing custom emails. The new vulnerability (CVE-2022-0218, CVSS score 8.3) was found by Wordfence researcher Chloe…

Over 90 WordPress themes, plugins backdoored in supply chain attack

A massive supply chain attack compromised 93 WordPress themes and plugins to contain a backdoor, giving threat-actors full access to websites. In total, threat actors compromised 40 themes and 53 plugins belonging to AccessPress, a developer of WordPress add-ons used in over 360,000 active websites. The attack was discovered by researchers at Jetpack, the creators of a security and optimization tool for WordPress sites, who discovered that a PHP backdoor had been added to the themes and plugins. Jetpack believes an external threat actor breached the AccessPress website to compromise the…

4 Top-Rated WordPress Designers Share Web Design Tips for 2022 [DesignRush QuickSights] | News

NEW YORK, Jan. 21, 2022 /PRNewswire-PRWeb/ — WordPress currently powers 38% of the entire Internet and owns over 64% of the CMS market. The popularity of WordPress boils down to its intuitive UI, integration capabilities and scalability that makes it suitable for businesses of all sizes and profiles. DesignRush, a B2B marketplace connecting brands with agencies, leveraged its 11,000-agencies-strong network for quick insights – or “QuickSights” – on…

Create Todo and Checklists in the WordPress Editor With New Plugin – WP Tavern

Todo lists. Checklists. While there are differences in their purposes, their output is essentially the same. They are lists of items with boxes to tick off, and a plugin like David Towoju’s Todo Block allows users to create them. I first downloaded and installed the plugin two weeks ago, but it had a problem. It did not seem to add any blocks at all. This was likely some mistake with porting the plugin over from its development repository. I have been testing it since its update a few days ago and like where it is headed. Technically, the plugin has two blocks. One exists for…
