Thousands of WordPress websites were impacted by three remote code execution vulnerabilities that were identified in the PHP Everywhere plugin, the Wordfence team at WordPress security company Defiant warns.
With more than 30,000 downloads, the PHP Everywhere plugin is an open-source plugin designed to enable PHP code everywhere in the WordPress installation.
The latest PHP Everywhere iteration was released last month with patches for three critical vulnerabilities (CVSS score of 9.9) that could allow users with low privileges to execute code on the WordPress sites that use the plugin.
More Info
Critical RCE Flaws in ‘PHP Everywhere’ Plugin Affect Thousands of WordPress Sites
Critical security vulnerabilities have been disclosed in a WordPress plugin known as PHP Everywhere that’s used by more than 30,000 websites worldwide and could be abused by an attacker to execute arbitrary code on affected systems.
PHP Everywhere is used to flip the switch on PHP code across WordPress installations, enabling users to insert and execute PHP-based code in the content management system’s Pages, Posts, and Sidebar.
The three issues, all rated 9.9 out of a maximum of 10 on the CVSS rating system, impact versions 2.0.3 and below, and are as follows –
- CVE-2022-24663 – Remote…
More Info
Top 10 Security Tips to Keep Your WordPress Site Healthy
As we go through the winter months and whether changes, many of us go to our local pharmacy and take advantage of a flu shot. We do this because maybe we have had the flu before and the second of pain from the jab is nothing in comparison to the hours and days of sickness from catching the flu bug.
As everyone’s grandparents tell them, “An ounce of prevention is worth a pound of cure.” Keeping strong cyber security hygiene to prevent hacks saves you from expensive remediation costs, compromised data and a weakened WordPress immune system. Did you know that breached sites are more…
More Info
PHP Everywhere RCE flaws threaten thousands of WordPress sites
Researchers found three critical remote code execution (RCE) vulnerabilities in the ‘PHP Everywhere’ plugin for WordPress, used by over 30,000 websites worldwide.
PHP Everywhere is a plugin that allows WordPress admins to insert PHP code in pages, posts, the sidebar, or any Gutenberg block, and use it to display dynamic content based on evaluated PHP expressions.
Three RCE flaws
The three vulnerabilities were discovered by security analysts at Wordfence and can be exploited by contributors or subscribers, affecting all WordPress versions from 2.0.3 and below.
Here’s a short description…
More Info
The ultimate guide to the WordPress database
At its core, WordPress is a CMS (Content Management System). To manage content, it needs to be able to store it. WordPress does this through folders and files, and a database. We have previously covered the WordPress filesystem in a separate article; we will focus on the database this time around.
In this article, we will be looking at the WordPress database, its structure, and how each field works. We have also included a brief history lesson on MySQL. Hint – The My in MySQL does not mean it’s yours; My is an actual person, but who? – Continue reading to find out.
Table of…
More Info
Convesio looks to develop its scalable WordPress hosting platform after securing $5m – Business Leader
Scaleable WordPress hosting platform Convesio has secured $5m in funding, which the company plans to use to accelerate development of its unique container-based solution and continue to disrupt a market that is slow to innovate.
Convesio is the only WordPress hosting provider to have productized scaling. Anyone can deploy a highly-scalable WordPress website in minutes, and not hours or days, which is the typical timeframe of a traditional VPS setup.
The round of funding was secured from a select group of private investors, some of whom had originally contributed to Convesio’s…
More Info
Aprimo Launches New Digital Experience Platform Powered by WordPress VIP
CHICAGO, Feb. 8, 2022 /PRNewswire/ — Aprimo, an industry-leading provider of digital asset management and work management solutions, today announced a brand refresh that includes an all-new digital experience platform (DXP). The platform integrates the company’s content operations platform with a best-in-class content management system and content analytics, bringing bolder brand experiences to market and the intelligence to marketers to better understand content performance and value.
The new aprimo.com is an innovative, unified marketing technology stack developed by Aprimo and…
More Info
Creating Slides With the Carousel Slider Block WordPress Plugin – WP Tavern
Over the weekend, Virgiliu Diaconu asked me to check out his Carousel Slider Block plugin, a project he has maintained for three years. It has slowly garnered more than 5,000 active installs since its release.
I get emails like this every day. More often than not, the projects are fundamentally broken or are a bit too spammy for my taste. Like so many others, I ask myself, Could this be one of those diamonds in the rough? I am always optimistic enough to hold out the tiniest sliver of hope.
I should preface this review by saying that I have a general dislike of sliders and…
More Info
Five reasons why WordPress is perfect to build a membership website
Launched almost two decades ago, WordPress now powers more than 37% of all websites across the world and at a strong 62%, it holds the title of the world’s most popular content management system (CMS). Originally created as a personal blog-publishing system by Mike Little and Matt Mullenweg, WordPress has since evolved to a full-fledged CMS built on PHP and MySQL with an aGPLv2 license, and it can cover any kind of site you can think of.
Being a free and open-source CMS, WordPress is supported by its contributing community of dedicated developers, web designers, and all sorts of content…
More Info
Blogging Platforms Market to Witness Huge Growth by 2027
New Jersey, United States,- The research approach of this Blogging Platforms Market report is a mixture of primary research, secondary research and assessments by expert panels. Secondary research includes industry-related documents as well as press releases, annual reports and research reports. Other sources to get specific data on strategic expansion opportunities in this market report are trade journals, industry magazines, government websites and associations. The main research consists of conducting telephone interviews with numerous industry experts as well as sending…
More Info