Ultimate Member Plugin for WordPress Allows Site Takeover – Threatpost

Three critical security bugs allow for easy privilege escalation to an administrator role.

A WordPress plugin installed on more than 100,000 sites has three critical security bugs that each allow privilege escalation – and potentially full control over a target WordPress site.

The plugin, called Ultimate Member, allows web admins to add user profiles and membership areas to their web destinations. According to Wordfence researchers, the flaws make it possible for both…

More Info

WordPress Site Management Software Market Size, Drivers, Potential Growth Opportunities, Competitive Landscape, Trends And Forecast To 2027 – Eurowire

WordPress Site Management Software Market Overview

The Global WordPress Site Management Software Market is showing positive signs of growth. With the current COVID-19 pandemic scenario, new business opportunities are sprouting in the market. Organizations must explore new markets to expand their business globally and locally. For getting a deeper understanding of the emerging trends, the Global WordPress Site Management Software Market report showcases various factors that drive the economy worldwide. Moreover, the companies will get to know the market landscape for the next decade…

More Info

Digital.com Announces Best WordPress Hosting Companies of 2020

Digital.com, a leading independent review website for small business online tools, products, and services, has announced the best WordPress hosting companies of 2020. Top solutions were selected based on multiple server types, uptime and load speed, and customer support.

Experts at Digital.com conducted 40 hours of research and analyzed over 30 WordPress hosting platforms. Each…

More Info

WordPress Sites Open to Code Injection Attacks via Welcart e-Commerce Bug – Threatpost

The shopping cart application contains a PHP object-injection bug.

A security vulnerability in the Welcart e-Commerce plugin opens up websites to code injection. This can lead to payment skimmers being installed, crashing of the site or information retrieval via SQL injection, researchers said.

Welcart e-Commerce is a free WordPress plugin that has more than 20,000 installations – it enjoys top market share in Japan, according to WordPress. It allows site owners to add online…

More Info

WordPress.com Drops Over 100 Block Patterns, Carving a Path the Design Community Should Follow – WordPress Tavern

Automattic released over 100 block patterns to its users on WordPress.com last week. Patterns are a set of blocks that users can insert into their posts or pages for predefined yet customizable sections of content. Most of WordPress.com’s new patterns are general enough in design to cover a range of uses. However, the choices also cover some niches like restaurants.

“The WordPress Editor is a powerful tool that can help bring your design ideas to life but one of the best parts is, you don’t have to start from scratch,” wrote Ian Stewart, the WordPress.com Design Team Lead,…

More Info

Results from the WordPress Annual Survey, Joomla Releases 4 Beta 5 and More Open Source News

Unsplash/Matthew Guay

For years, WordPress users and enthusiasts have filled an annual survey to share how they feel about the platform. The results have served to guide the platform’s direction and it also shows users understand where the community is heading. WordPress recently released the results of its 2019 survey and they’re collecting data for the next one, so you’re welcome to participate in the 2020 survey, too.

This year’s results show that WP remains as the leading open source CMS mainly because it’s the CMS most people know by default and where they…

More Info

3 Major Reasons Why You Shouldn’t Use WordPress

StockSnap / Pixabay

Almost everyone recommends people build their blog or website using WordPress.

In fact, even if you don’t have a site yet, I’m sure you’re familiar with WordPress.

However, if everybody’s harping about how good WordPress is, does it mean you should use it too?

At this point, you probably are aware of the benefits this CMS brings to the table. But you’re probably not aware of the inconveniences it brings to users.

In this post, let’s look at the dark side of WordPress (self-hosted and not WordPress.com) and why you should consider not using it.

The purpose of this…

More Info

Gutenberg 9.3 Provides Indicator of Where Full-Site Editing Is Going, a Future Without Widgets and Customizer Screens – WordPress Tavern

Version 9.3 of the Gutenberg plugin dropped earlier today. It is the first version of the plugin during the WordPress 5.6 release cycle that will not see its new features land in the core platform. However, bug fixes have been backported to WordPress 5.6 beta 2 and 3. Much of the work for the release focused on full-site editing (FSE) features and fixes. However, some minor enhancements outside of the site editor landed in the update.

The Social Links block now supports Patreon, Telegram, and Tiktok, which brings the total number of social icons to 43. The Buttons block also has an…

More Info

WordPress Site Management Software Market Provides in-depth analysis of the Industry, with Current Trends and Future Estimations to Elucidate the Investment Pockets

The market research report on the Global WordPress Site Management Software Market has been formulated through a series of extensive primary and secondary research approaches. The data is further verified and validated by industry experts and professionals. The forecast for 2020-2027 has been covered in the report and offers an extensive historical analysis for the key segments of the WordPress Site Management Software market. The well-formulated research report aims to provide the readers with a better understanding of the industry and help them formulate strategic…

More Info

WordPress 5.6 to Add UI for Enabling Major Version Auto-Updates, Contributors Discuss Adding a Filter to Hide It – WordPress Tavern

WordPress 5.6 is set to add a UI that allows users to opt into auto-updates for major versions of core. Previously, developers could turn these updates on by setting the WP_AUTO_UPDATE_CORE constant to true or by using the allow_major_auto_core_updates filter. Version 5.6 exposes this setting in the UI to make it more accessible for users.

Jb Audras posted a dev note on the feature yesterday with instructions for how developers can extend it to add more options.

A previous version of this UI specified that the setting refers to major versions:

Keep my site…

More Info