A patch has been issued for a WordPress plugin that had a severe vulnerability. The plugin, wpDiscuz, was investigated by WordPress security experts at Wordfence. What they found, as described in a research blog post, was a critical arbitrary file upload vulnerability. As Wordfence researchers discovered, the vulnerability was introduced in a recent update, more specifically, the patch before the fixed wpDiscuz plugin version (7.0.5). This is far from the first time a critical WordPress vulnerability has been uncovered. wpDiscuz is used to allow an interactive comments section…
Acquia has released its new Open Digital Experience Platform (DXP), which combines the power of Marketing Cloud and Acquia Drupal Cloud, bringing together content and data to improve the digital experiences that brands can deliver.
Acquia Drupal Cloud is a hosting and development platform for the open source Drupal CMS that makes it easier for companies to design and orchestrate digital experiences. Marketing Cloud is a data-driven marketing platform that streamlines the creation of personalized customer journeys.
Once again, a critical security flaw in a WordPress plugin posed a threat to thousands of websites. This time, the researchers discovered the vulnerability in the wpDiscuz WordPress plugin.
wpDiscuz WordPress Plugin Vulnerability
Researchers from Wordfence have come up with one more report about a vulnerable plugin. As described in their recent blog post, they caught a critical vulnerability in the wpDiscuz WordPress plugin. Exploiting this bug could let an attacker achieve various dangerous privileges on the target server, including remote code execution and arbitrary file upload.
I am always on the lookout for interesting syntax-highlighting plugins, particularly for those occasions when I write tutorials or other articles that lean heavily on code. Far too many plugins use shortcodes, custom blocks, or other odd solutions. However, there is one option that I intentionally overlooked when it was released over a year ago: Code Syntax Block by Marcus Kazmierczak.
Based on the name, I assumed it was yet another standalone block. However, I have since given it another look and realized that this was note the case. It integrates directly with the core WordPress…
MalCare, your favorite WordPress security plugin, recently had the opportunity to sit down with Ben Gillbanks, a veteran WordPress developer about his work in the WordPress community. In the interview below we get to speak with Ben about his past work and how the shifting WordPress landscape is forcing him to think about creative ways to stay relevant. The interview below is exciting and in-depth. So let’s jump in!
The Interview
Hi Ben! First off, I’d like to thank you for taking the time to chat with our readers today. You’ve been in the WordPress space for 13 years now, so why…
Bing has launched its first official plugin for WordPress aimed at helping site owners get their content indexed immediately. Instead of waiting for a bingbot to crawl the site, the plugin notifies Bing of any new or updated content automatically using its Submit URL API.
“Bing believes that the future for search engines is less about crawling to discover content and more about sharing new and updated content across the web, a fundamental shift in the way that search engines handle web sites,” Bing Product Manager Fabrice Canel said. “Instead of monitoring RSS, sitemaps and…
WordPress plugin Comments – wpDiscuz, which is installed on over 70,000 sites, has issued a patch.
Researchers are warning of a critical vulnerability in a WordPress plugin called Comments – wpDiscuz, which is installed on more than 70,000 websites. The flaw gives unauthenticated attackers the ability to upload arbitrary files (including PHP files) and ultimately execute remote code on vulnerable website servers.
Comments – wpDiscuz enables WordPress websites to add custom comment forms and fields to sites, and serves as an alternative to services like Disqus. Researchers with…
There are currently a “large number of failures” associated with Bing’s new URL submissions plugin for WordPress, according to the company’s outreach team.
Emails are being sent out to site owners who have installed the plugin to notify them of these issues.
The email reads:
“I am contacting you from the Microsoft Corporation and its Internet search engine Bing in regards to our URL submissions WordPress plugin.
Our systems have alerted us that while you have installed the plugin, there seems to be a large number of failures in submission of URLs to our index, resulting in customers…
Microsoft Bing is sending emails to some site owners after installing the new URL submission WordPress plugin. The email is to let these site owners know of a “large number of failures in submission of URLs” to the Bing index. This is leading to searchers “not seeing your domain on priority in the index.” This does not sound great but it seems Bing is on top of it.
Microsoft is offering to “help and debug any problems” that they are running into ” so as to allow our search engine to index your content and provide additional relevant traffic to your site,” Bing said.
Critical bug in wpDiscuz add-on has now been patched
A critical vulnerability in a WordPress plugin with more than 80,000 active installations allowed unauthenticated attackers to take full control of a target website.
The security flaw, present in wpDiscuz comment plugin, enabled attackers to upload arbitrary files in order to achieve remote code execution (RCE) on a vulnerable site’s backend server.