WordPress Plugin Bug Opens 100K Websites to Compromise – Threatpost

Legions of website visitors could be infected with drive-by malware, among other issues, thanks to a CSRF bug in the Real-Time Find and Replace plugin.

A high-severity cross-site request forgery (CSRF) vulnerability in Real-Time Find and Replace, a WordPress plugin installed on more than 100,000 sites, could lead to cross-site scripting and the injection of malicious JavaScript anywhere on a victim site.

According to research from Wordfence released on Monday, the malicious code injection could be used to create a new administrative user account, steal session cookies, redirect users to a…

Hackers are creating backdoor accounts and cookie files on WordPress sites running OneTone

Image via The Creative Exchange

Hackers are actively targeting WordPress sites running the OneTone theme to exploit a vulnerability that allows them to read and write site cookies and create backdoor admin accounts.

The campaign has been going since the start of the month, and it’s still underway.

The vulnerability is a cross-site scripting (XSS) bug in OneTone, a popular but now…

WordPress plugin bug lets hackers create rogue admin accounts

WordPress site owners are advised to update the Real-Time Find and Replace plugin, so that attackers cannot exploit a cross-site request forgery flaw to inject malicious code into their sites and create rogue admin accounts.

The security vulnerability is a Cross-Site Request Forgery (CSRF) that leads to Stored Cross-Site Scripting (Stored XSS), and it impacts all Real-Time Find and Replace versions up to 3.9.

It can be abused to trick WordPress admins into injecting malicious JavaScript into their own websites’ pages after clicking a malicious link…
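The mechanism behind that sentence is a settings form handler that saves whatever a POST request carries without first proving the request came from the admin's own settings page. The following is an added illustration, not the plugin's code: `demo_far_save_rules_unsafe()` is the CSRF-prone shape, `demo_far_save_rules_safe()` and `demo_far_render_form()` are the hardened form. All `demo_far_*` names and the option key are hypothetical; the WordPress API functions are real.

```php
<?php
/*
 * Hypothetical find/replace settings handler (illustration only, not the
 * plugin's code). Pattern A is CSRF-prone; Pattern B is the hardened form.
 */

// --- Pattern A: CSRF-prone. Nothing ties the POST to a deliberate action by a
// logged-in admin, so a form auto-submitted from an attacker's page is accepted
// with the admin's cookies. Because the stored replacement is later echoed into
// every page, the forged request plants <script> that runs for all visitors.
function demo_far_save_rules_unsafe() {
    if ( isset( $_POST['demo_far_find'], $_POST['demo_far_replace'] ) ) {
        update_option( 'demo_far_rules', array(
            'find'    => wp_unslash( $_POST['demo_far_find'] ),
            'replace' => wp_unslash( $_POST['demo_far_replace'] ),
        ) );
    }
}

// --- Pattern B: hardened.
function demo_far_save_rules_safe() {
    if ( ! isset( $_POST['demo_far_find'], $_POST['demo_far_replace'] ) ) {
        return;
    }
    // 1. Capability check: only users permitted to change site options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'demo-far' ) );
    }
    // 2. Nonce check: the request must carry a token minted for this form. A
    //    cross-site page cannot read or guess it, so forged submissions fail
    //    here (check_admin_referer() terminates the request on mismatch).
    check_admin_referer( 'demo_far_save_rules', 'demo_far_nonce' );

    update_option( 'demo_far_rules', array(
        'find'    => sanitize_text_field( wp_unslash( $_POST['demo_far_find'] ) ),
        // Replacement text may legitimately contain markup; wp_kses_post()
        // strips <script> and on* handlers but keeps post-safe HTML.
        'replace' => wp_kses_post( wp_unslash( $_POST['demo_far_replace'] ) ),
    ) );
}

// The form paired with Pattern B: wp_nonce_field() emits the hidden token and
// referer field that check_admin_referer() validates on submit.
function demo_far_render_form() {
    $rules = get_option( 'demo_far_rules', array( 'find' => '', 'replace' => '' ) );
    ?>
    <form method="post">
        <?php wp_nonce_field( 'demo_far_save_rules', 'demo_far_nonce' ); ?>
        <input type="text" name="demo_far_find"
               value="<?php echo esc_attr( $rules['find'] ); ?>">
        <textarea name="demo_far_replace"><?php echo esc_textarea( $rules['replace'] ); ?></textarea>
        <?php submit_button( 'Save rules' ); ?>
    </form>
    <?php
}

add_action( 'admin_init', 'demo_far_save_rules_safe' );
```

The capability and nonce checks are the essential fix: a find-and-replace plugin exists to substitute arbitrary markup into rendered pages, so output filtering such as `wp_kses_post()` is an optional extra that may break legitimate uses, and it does nothing against an attacker who can already submit the form as the admin. Note that a nonce by itself is not authorization either, which is why the `current_user_can()` check comes first.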

Should the Block Editor Have a Grid System? – WordPress Tavern

Laying out a webpage design and getting every element aligned perfectly can be a tough job. Even many developers rely on CSS grid frameworks. Granted, with the introduction of the flexbox and grid systems in the CSS language, such frameworks are becoming unnecessary. Whether it is getting the vertical and horizontal rhythm down or simply aligning an image next to a bit of text, page layouts are often done best via some sort of grid system.

This becomes even more apparent when building a page layout visually through the WordPress block editor. The current iteration of the editor does…

Best web hosting services in 2020 for small business: Wix, Squarespace, WordPress, and more

There are thousands of web hosting providers. Some hosting companies run their own data centers. Others rent virtual machines from cloud service providers. All provide some way for their customers to appear online. But choosing the right hosting provider for you can prove to be quite the challenge. While you no longer need to be a programmer or an IT professional to properly configure a web presence, you do need to understand marketing and design and know how to get your message across.

We’ve…

How to Sell Gift Cards on Your WordPress Site

Digital gift cards are an excellent way for businesses to supplement their cash flow and boost revenue, especially during a public health crisis like COVID-19.

Customers have always bought gift cards to use in the future, but they may buy them now as a way to support local businesses through this tough time. If you’re wondering how to set up your WordPress site to sell gift cards, we’ve got you covered.

Why Sell Gift Cards

Gift card sales reached a high of $160 billion in 2018, doubling their growth in a decade. While most people still prefer a physical gift card, the market…

Duplicated Vulnerabilities in WordPress Plugins

During a recent plugin audit, we noticed a weird pattern among many plugins responsible for performing a specific task: Duplicating a page or a post.

With a bit of research, we came to the following conclusion: Many of these plugins came from the same source — and contained the same vulnerabilities.

SQL Injections in Vulnerable Plugins

Let’s talk for a moment about the original code sample that this entire scenario stems from: A blog post from Misha Rudrastyh, written back in 2013, detailing how to duplicate posts without the help of a plugin by inserting a bit of code into a theme’s…
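To make the class of bug concrete, here is an added, hypothetical post-duplication handler written for this page; it is not the 2013 snippet and not any of the audited plugins' code. `demo_dup_copy_meta_unsafe()` shows the shape that makes a copied snippet injectable: the post ID is read from the request and interpolated straight into the SQL string. `demo_dup_copy_post_safe()` shows the hardened form: integer coercion, `$wpdb->prepare()`, a nonce on the duplicate link and a per-post capability check. All `demo_dup_*` names are assumptions; the WordPress and `$wpdb` functions are real.

```php
<?php
/*
 * Hypothetical "duplicate this post" handler (illustration only).
 * The unsafe function shows the injectable pattern; the safe one fixes it.
 */

// --- Unsafe: request input goes directly into the query text.
function demo_dup_copy_meta_unsafe() {
    global $wpdb;
    $post_id = isset( $_GET['post'] ) ? $_GET['post'] : $_POST['post'];
    // ?post=1 OR 1=1 (or a UNION) rewrites the query: this is the SQL injection.
    // There is also no nonce and no capability check on the caller.
    return $wpdb->get_results(
        "SELECT meta_key, meta_value FROM {$wpdb->postmeta} WHERE post_id={$post_id}"
    );
}

// --- Hardened.
function demo_dup_copy_post_safe() {
    global $wpdb;

    // 1. CSRF protection: the duplicate link must carry a nonce for this action
    //    (default parameter name _wpnonce, added by wp_nonce_url() below).
    check_admin_referer( 'demo_dup_post' );

    // 2. Type coercion: absint() turns anything non-numeric into 0.
    $post_id = isset( $_REQUEST['post'] ) ? absint( $_REQUEST['post'] ) : 0;
    $post    = $post_id ? get_post( $post_id ) : null;
    if ( ! $post ) {
        wp_die( 'Post not found.' );
    }

    // 3. Authorization: the caller must be allowed to edit this specific post,
    //    not merely be logged in.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_die( 'You are not allowed to duplicate this post.' );
    }

    // 4. Create the copy through the API rather than raw SQL.
    $new_id = wp_insert_post( array(
        'post_title'   => $post->post_title,
        'post_content' => $post->post_content,
        'post_status'  => 'draft',
        'post_type'    => $post->post_type,
        'post_author'  => get_current_user_id(),
    ), true );
    if ( is_wp_error( $new_id ) ) {
        wp_die( esc_html( $new_id->get_error_message() ) );
    }

    // 5. Parameterised query: %d forces an integer, so the input can only ever
    //    be a number in the WHERE clause, never SQL.
    $meta = $wpdb->get_results( $wpdb->prepare(
        "SELECT meta_key, meta_value FROM {$wpdb->postmeta} WHERE post_id = %d",
        $post_id
    ) );
    foreach ( $meta as $row ) {
        if ( '_wp_old_slug' === $row->meta_key ) {
            continue;
        }
        // Raw meta_value may be serialized; unserialize before re-adding.
        add_post_meta( $new_id, $row->meta_key, maybe_unserialize( $row->meta_value ) );
    }

    wp_safe_redirect( admin_url( 'post.php?action=edit&post=' . $new_id ) );
    exit;
}
// admin.php fires admin_action_{action} when ?action=demo_dup_post is present.
add_action( 'admin_action_demo_dup_post', 'demo_dup_copy_post_safe' );

// The "Duplicate" link, with the nonce embedded so the handler's check passes.
function demo_dup_link( $post_id ) {
    return wp_nonce_url(
        admin_url( 'admin.php?action=demo_dup_post&post=' . absint( $post_id ) ),
        'demo_dup_post'
    );
}
```

The audit's point about copy-paste propagation applies directly: a snippet that reads `$_GET['post']` into a query string reproduces the same injection in every plugin that inherits it, so when auditing a family of look-alike plugins, grep for the shared query text rather than fixing one package at a time.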

WP Feedback Kicks off Free Virtual Summit for WordPress Professionals on April 27 – WordPress Tavern

WP Feedback is running a virtual event from April 27 to May 1. The event is primarily geared toward WordPress professionals who are looking to scale their business. It will feature CEOs, designers, freelancers, and more from the WordPress space. Between five and seven video sessions will be released each day of the event.

The sessions are free to watch for the full 24-hour period on the day they are scheduled. Once that window closes, visitors must purchase an all-access pass to view them, which is currently available for $67 but will go up to $97 once the event begins. A…

Chatterbox Plugin Uses WordPress Blocks to Show Conversations – WordPress Tavern

Chatterbox is a new plugin with a fun and creative use for the block editor. It displays chat or text threads using blocks that are styled as conversations. Users can type in a record of a chat, including timestamps, with a live preview in the editor.

Since written conversations are essentially little blocks of text and media, the block editor lends itself nicely to composing and displaying this type of content. The Chatterbox block can be found under Layout Elements in the block inserter. It includes the option to select a style (Inbound, Outbound, or Event) and add a…

How To Completely Remove Defacement From WordPress Site?

Imagine this – you wake up one morning, grab your cup of coffee, and get to work. When you open your WordPress site, you’re met with the horror of defaced pages. The content of your site has been changed and your website is ruined.

You see that your site is displaying unwanted ads and popups for adult content, fake products or illegal drugs. In some cases, hackers also display religious or political propaganda on your home page.

Such an attack can be devastating. You’ll lose visitors and customers because when they see your site is defaced, they’ll leave immediately. Things get worse…
