Thunderbolt Flaws, WordPress Plugin Vulnerabilities, Patriot Act Vote

In episode 121 for May 18th 2020: A new Thunderbolt flaw could let hackers steal your data in under five minutes, new vulnerabilities in a popular WordPress plugin, and details on why the US Senate just rejected a plan to require a warrant to obtain Americans’ web browsing history.

** Show notes and links mentioned on the show **

Thunderbolt flaw lets hackers steal your data in ‘five minutes’
https://www.wired.com/story/thunderspy-thunderbolt-evil-maid-hacking/

Thunderbolt 3: The USB-C that does it all
https://thunderbolttechnology.net/consumer/

Thunderspy tool to test if your PC is…



iA Writer Adds Expanded Support for IndieWeb Tools and WordPress Publishing – WordPress Tavern

iA Writer has been delighting users with its minimal writing experience for nearly a decade, racking up more than 3 million downloads. The most recent version 5.5 release for Mac and iOS moves the bar higher for competing writing apps with new support for previewing PDFs and improved support for publishing to self-hosted WordPress sites.

In 2019, MacStories selected iA Writer as App of the Year, describing it as “a case study on how to build a desktop-class iOS/iPadOS app in 2019 that understands the traits of each platform while offering an opinionated, sophisticated…



WordPress malware finds WooCommerce sites for Magecart attacks


Researchers at website security firm Sucuri have discovered a new WordPress malware used by threat actors to scan for and identify WooCommerce online shops with a lot of customers to be targeted in future Magecart attacks.

WooCommerce is an open-source WordPress plugin with over 5 million active installs, designed to make it easy to run e-commerce sites that can be used to “sell anything, anywhere.”

Attacking WooCommerce online stores is not something new as shown by previous attacks that were attempting to hack into online stores by brute-forcing admin…



Critical WordPress plugin bug allows for automated takeovers

Attackers can exploit a critical vulnerability in the WP Product Review Lite plugin installed on over 40,000 WordPress sites to inject malicious code and potentially take over vulnerable websites.

WP Product Review Lite helps site owners to quickly create custom review articles using pre-defined templates.

The plugin comes with support for including affiliate links, rich snippets, review widgets, as well as for buy buttons for additional monetization streams.

Persistent XSS leading to site takeover

The WP Product Review Lite bug found by the Sucuri Labs research team can be remotely…



WordPress Layouts | Customizing Key Pages on Your Website – WordPress.com

Before Kathryn Pressner became a WordPress.com Happiness Engineer (our name for customer support specialists), she spent several years as a freelance website designer, charging clients to build sites with customized WordPress themes. 

Though she had the chops — “my job took a lot of technical skill,” she says — she realized the inherent inefficiencies in her line of work. “To build a site designed from scratch that matches the brand and has custom features, the cost can add up,” she says. “And some business owners I worked with never became comfortable with…



Page Builder WordPress Plugin Bugs Could Allow Complete Site Takeover

Another WordPress plugin with over 1 million active installations has made it to the news due to security bugs. This time, it’s the Page Builder plugin for WordPress sites that has a couple of bugs allowing full site takeovers.

Page Builder WordPress Plugin Bugs

Wordfence has highlighted another vulnerable WordPress plugin that boasts more than 1 million active installations.

As revealed in their blog post, the popular WordPress plugin Page Builder by SiteOrigin had multiple security bugs. Exploiting these bugs could allow an adversary to gain complete control of the target…



Envato Launches Template Kits Marketplace for Elementor – WordPress Tavern

Watch out block patterns. There is an old player in town making the hard sell before you have even rolled out of bed. Envato just dropped a massive library of template kits for Elementor in your front yard.

Not to worry, the company plans to open things up for the block editor in the future. The Elementor page builder just makes the most sense right now. It was the first to market. It is mature and has a backing of 5 million users, many of whom will be accustomed to commercial upsells, and $15 million in recent funding. Financially, it is the smart play. The company can also test…



WordPress Google Sitemaps Automatic Integration Getting Closer

Last June we reported that Google was looking to build the automatic generation and submission of XML Sitemaps directly into WordPress. This way, when you publish content and haven’t set up an XML Sitemap, the XML Sitemap file will be generated automatically.

Gary Illyes from Google said on Twitter that “WordPress might get native sitemap support!” He shared this tweet from Pascal Birchler, a Google engineer, who said “we’re making great progress towards a merge proposal for WordPress 5.5.” This is in regards to getting the XML Sitemaps feature plugin for WordPress built into…



WordPress Contributor Andy Fragen Shares His Experience as a Trauma Surgeon During the COVID-19 Pandemic – WordPress Tavern

Last weekend I had the opportunity to interview Andy Fragen, a longtime member of the WordPress community and core contributor. He is also the author of the GitHub Updater plugin, which allows developers to enable automatic updates to their GitHub, Bitbucket, GitLab, or Gitea hosted WordPress plugins, themes, and language packs. In the video below, Fragen gives us a window into his world on the frontlines as an acute care surgeon.

After working his shifts at the hospital, Fragen returns home and voluntarily keeps himself in semi-isolation from his wife and kids. He spends his…



Google WordPress plugin bug can be exploited for black hat SEO

A critical bug found in Google’s official WordPress plugin with 300,000 active installations could allow attackers to gain owner access to targeted sites’ Google Search Console.

Site Kit is a WordPress plugin designed by Google to help site owners to gain insight on how their visitors use and find their website via official stats collected from multiple Google tools and displayed directly in the WordPress dashboard.

The plugin also makes it easier to set up and configure key Google products such as the Search Console, Analytics, Tag Manager, PageSpeed Insights, Optimize, and…

