WordPress XXE injection vulnerability could allow attackers to remotely steal host files

[ad_1]


Jessica Haworth

27 April 2021 at 15:01 UTC

Updated: 27 April 2021 at 15:06 UTC

Researchers provide technical details of bug that was fixed in latest security release

WordPress XXE injection vulnerability could allow attackers to remotely steal host files

An XML External Entity (XXE) injection bug in WordPress could allow attackers to remotely steal a victim’s files, researchers have revealed.

Security researchers at SonarSource who discovered the vulnerability published a blog post today (April 27) that provides technical details on the now-patched bug.

Read more of the latest…

[ad_2]
More Info

Learn how to build a thriving website with WordPress for just $20

[ad_1]

Products featured here are selected by our partners at StackCommerce.If you buy something through links on our site, Mashable may earn an affiliate commission.

Customize your site's pages, themes, and more.
Customize your site’s pages, themes, and more.

Image: Pixabay

TL;DR: Learn how to master WordPress with the 2021 WordPress Wizard Bundle, on sale for $19.99 — a 92% savings — as of April 27.


WordPress has come a long way since its launch in 2003. Considering the web platform powers around 40 percent of all websites on the internet — and about

[ad_2]
More Info

13 WordPress Plugins for Membership Subscriptions

[ad_1]

A membership plugin can transform a WordPress site into a resource for subscription content, courses, a paid community, and more. Sell one-time or recurring access to specific posts, digital downloads, and even custom capabilities.

Here is a list of membership plugins for WordPress. Most offer multiple features — such as access tiers and hidden content — that can be tailored to your business.

MemberPress

Home page of MemberPress

MemberPress

MemberPress lets you create, manage, and track membership subscriptions and sell digital download products. Manage your members by granting and revoking…

[ad_2]
More Info

Best WordPress Plugins for Developers in 2021

[ad_1]

Companies Running Competitive Ads Against WordPress May Soon be Banned from Sponsoring WordCamps – WordPress Tavern

[ad_1]

The WordPress Community Team is discussing banning companies from sponsoring WordCamps if they advertise competitively against WordPress. A WordCamp organizing team recently brought the concern to community deputies regarding a potential sponsor that is advertising its product in such a way that it puts WordPress in “an unflattering light.”

This particular instance is prompting community leadership to clarify expectations for how sponsors advertise WordPress derivative products – products built on top of WordPress, such as themes, plugins, or distributions.

Cami Kaos…

[ad_2]
More Info

Companies Running Competitive Ads Against WordPress May Soon be Banned from Sponsoring WordCamps – WordPress Tavern

[ad_1]

The WordPress Community Team is discussing banning companies from sponsoring WordCamps if they advertise competitively against WordPress. A WordCamp organizing team recently brought the concern to community deputies regarding a potential sponsor that is advertising its product in such a way that it puts WordPress in “an unflattering light.”

This particular instance is prompting community leadership to clarify expectations for how sponsors advertise WordPress derivative products – products built on top of WordPress, such as themes, plugins, or distributions.

Cami Kaos…

[ad_2]
More Info

Plausible Analytics Adds Statistics Dashboard to the WordPress Admin – WordPress Tavern

[ad_1]

Earlier this week, Plausible Analytics released version 1.2 of its WordPress plugin. The update includes a missing feature that should make it more appealing to end-users. The plugin now supports an “embedded mode” that displays a site’s stats directly in the WordPress admin interface.

Without counting the self-hosted users of its open-source project, Plausible Analytics recently surpassed 14,000 users on its hosted service. That is a step forward in its two-year path toward making a dent in the analytics market.

“We’ve taken 1.4 billion pageviews directly from Google…

[ad_2]
More Info

With Some Hits and Misses, the Guten Blog WordPress Theme Has Potential – WordPress Tavern

[ad_1]

Any time I see a new block-ready WordPress theme, I am like a toddler in a toyshop. I cannot wait to bring it home, rip off the packaging, and play with it. Sometimes it is the type of fun that will create lasting, years-long memories. Other times, the toy is not all it is cracked up to be. It does not deliver on the promises on its packaging. It is too hard to play with or just not what you expected. You discard it and move on to one of your other trusted toys, ones with guaranteed fun built-in.

The latter feeling is where I am at with Guten Blog by Avid Themes. I want to love it….

[ad_2]
More Info

Google Web Stories WordPress Plugin Updated With Embedding Capabilities

[ad_1]

Google has updated its official Web Stories plugin for WordPress with the ability to embed content on webpages.

Since the launch of the Web Stories plugin it has offered robust creation tools, but users were on their own when it came to embedding the content they created.

WordPress site owners can now create Web Stories and embed them using the same tool. The update also offers the ability to embed Web Stories from other sites.

Google Web Stories WordPress Plugin Updated With Embedding Capabilities

In addition to easier embedding, the plugin update makes it possible to integrate Web Stories into the theme customization process, and they can now be used with the…

[ad_2]
More Info