WordPress security: RCE flaw in Adning Advertising plugin exploited in the wild

Patch now against critical vulnerability

Webmasters who use WordPress plugin Adning Advertising are urged to patch against a critical vulnerability that is reportedly being exploited in the wild.

Exploitation of the flaw enables an unauthenticated attacker to upload arbitrary files, leading to remote code execution (RCE) and potentially a full site takeover.

Such is the flaw’s seriousness, MITRE has assigned it the highest possible CVSS score – 10.0.

Researchers at Wordfence, a popular security solution for WordPress, also discovered a high…


More Info

Major Bug in Grow by Mediavine WordPress Plugin

The Grow by Mediavine WordPress plugin had multiple bugs that interfered with the WP Rocket and Autoptimize plugins. Some sites experienced a lack of rankings because of this issue.

Sites that had rankings in the top of the page Google carousels lost their rankings.

Others lost the rich results images that normally accompany their search results.

When a WordPress plugin causes an issue with another plugin, that’s called a conflict. That’s what happened in this case.

A conflict between the Grow social sharing plugin and the other plugins caused issues with structured data, resulting in…


More Info

WordPress University Was Always Online – WordPress Tavern

Did anybody listen to Peter Thiel? In 2011, the billionaire co-founder of PayPal, dubbed “contrarian investor” by the New York Times, created the Thiel Fellowship. A collection of 24 youngsters under the age of 20 were awarded $100,000 in exchange for dropping out of college to start tech companies.

Thiel said:

I believe you have a bubble whenever you have something that’s overvalued and intensely believed. In education, you have this clear price escalation without incredible improvement in the product. At the same time you have this incredible intensity of belief that…


More Info

Growth Analysis by Manufacturers like WordPress.org, Wix, WordPress.com, Blogger, Tumblr, etc – Cole of Duty

 

Due to the pandemic, we have included a special section on the Impact of COVID 19 on the Blogging Platforms Market which would mention How the Covid-19 is Affecting the Industry, Market Trends and Potential Opportunities in the COVID-19 Landscape, Key Regions and Proposal for Blogging Platforms Market Players to battle Covid-19 Impact.

The Blogging Platforms Market report is one of the most comprehensive and important data about business strategies, qualitative and quantitative analysis of Global Market. The research report gives the potential headway openings that prevails in the…


More Info

Pirated WordPress Plugins Bundled with Backdoors

One widespread belief among webmasters is that attackers typically only compromise websites in a couple of ways: by exploiting vulnerabilities or stealing login credentials.

Although these are certainly two of the more common attack vectors, another method is often overlooked — but the result is just as hazardous. Whenever an attacker can successfully trick a website owner into installing a backdoor on their website, they are able to accomplish the exact same goal: unauthorized access.

Nulled & Pirated Website Software

One extremely common method hackers use to trick website owners is to…


More Info

Jetpack 8.7 Adds New Tweetstorm Unroll Feature, Improves Search Customization – WordPress Tavern

Jetpack 8.7 was released this week with an exciting new feature that allows users to “unroll” a tweetstorm and publish it in a post. The feature works inside the Tweet block. After a user embeds a tweet, it will automatically detect a tweetstorm and display a prompt to fetch the rest of the tweets. It functions in a similar way to the Thread Reader app, except the unrolled thread is hosted on your WordPress post.

Tweetstorms remain a controversial way to get a lengthy point across. Twitter users with large followings will often get wider exposure and more traction and…


More Info

Oovvuu’s hits WordPress for global reach

Australian startup Oovvuu, which uses AI to deliver context appropriate video content to accompany news stories, has been made a global technology partner by WordPress VIP, a move that will see its technology integrated into some of the world’s largest news websites.

Oovvuu uses proprietary machine learning technology to read news articles, watch videos and match them together, “to improve news reporting and generate billions in advertising dollars.”

Its customers and partners include the BBC, Reuters, The Associated Press, The Guardian and Seven West Media.


More Info

Advertising Plugin for WordPress Threatens Full Site Takeovers – Threatpost

Thousands of vulnerable websites need to apply the patch to avoid RCE.

The Adning Advertising plugin for WordPress, a premium plugin with over 8,000 customers, contains a critical remote code-execution vulnerability with the potential to be exploited by unauthenticated attackers.

The plugin’s author, Tunafish, has rolled out a patched version (v.1.5.6), which site owners should update to as soon as possible. No CVE was issued.

The bug could allow complete site takeover, earning it a 10 out of 10 on the CVSS bug-severity scale. Also, it has already been the subject of in-the-wild…


More Info

WordPress.com – Review 2020 – PCMag India

WordPress.com offers numerous website building, hosting, and blogging options at a reasonable price—it even has a free tier. Though it started life as a pure blogging play, and still includes blog community features, WordPress.com now handles most website building needs, including commerce, social integrations, and mobile presentation. The service lacks the drag-and-drop simplicity that many competing services offer, but it’s a solid, low-cost option for people who want to get online relatively quickly.

From the outset, it’s important to make clear that WordPress.com is not…


More Info

Get the WordPress ft Elementor & WooCommerce Master Class Bundle for just $29.99

Today’s highlighted deal comes via our Online Courses section of the Neowin Deals store, where you can save 97% off this WordPress ft Elementor & WooCommerce Master Class Bundle. With 14 hours of content led by best selling instructor Alexander Oni, you’ll be able to master the art of using word press and plugins for building a variety of websites.

What’s the deal?

This buindle consists of the following courses:

  1. Elementor Master Class 2020
    Learn How to Build a Full Website Blog with Elementor — No Coding Skills Required
  2. The Complete WooCommerce Master Class…

More Info