Wordpress Related News

Join the discussions about using Wordpress as a blogging platform and content management system for your website or blog.
Forum rules
Please make yourself familiar with our rules and guidelines before posting.
Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

Wordpress Related News

Post by Accrete »

Follow this thread if you are using Wordpress for your blog or as a content management system for your website.

Even though Wordpress can be set to auto update you still need to keep up to date with:
  1. core updates
  2. which of your plugins are compatible with core updates
  3. which of your plugins and themes need updating (Wordpress does not update themes and plugins automatically)
  4. what plugins are under attack by hackers
  5. if Wordpress in general is under attack by hackers

This thread is for update notices from Wordpress.org and any notices elsewhere that there is a problem with Wordpress core programming or a plugin.

Some of your sites built using Wordpress may be set to automatically update the core Wordpress program but this does not update your plugins or 3rd party themes. It is a good idea to check manually that everything is up to date every once in a while.
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

WordPress 5.3.1 Security and Maintenance Release

Post by Accrete »

Wordpress security and maintenance release 5.3.1
WordPress 5.3.1 is now available!

This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below.

WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.
Read full notice at WordPress 5.3.1 Security and Maintenance Release
December 13, 2019
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers

Post by Accrete »

If your site or blog uses Ultimate Addons for Beaver Builder or Ultimate Addons for Elementor you need to read this threat notice:
One flaw found in WordPress plugins Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor is actively being exploited.


Security researchers are warning users of two WordPress plugins made by Brainstorm Force that they need to patch a “major” vulnerability that could allow hackers to gain administrative access to any website using the plugins.

The plugins in question are Ultimate Addons for Beaver Builder and Ultimate Addons for Elementor. Both WordPress plugins are designed to help website publishers easily add advanced designs and user functions to websites built using the specific frameworks Beaver Builder and Elementor...
Continued: Critical Bug in WordPress Plugins Open Sites to Hacker Takeovers at Threat Post
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

WordPress 5.3.2 Maintenance Release

Post by Accrete »

Another maintenance release for WordPress 5.3:
WordPress 5.3.2 is now available!

This maintenance release features 5 fixes and enhancements.

WordPress 5.3.2 is a short-cycle maintenance release. The next major release will be version 5.4.

You can download WordPress 5.3.2 by clicking the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they’ve already started the update process.
Notice continued at: https://wordpress.org/news/2019/12/wordpress-5-3-2-maintenance-release/WordPress 5.3.2 Maintenance Release
December 18, 2019
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

Critical WordPress Bug Leaves 320,000 Sites Open to Attack

Post by Accrete »

If your Wordpress blog or site uses InfiniteWP Client or WP Time Capsule you have a problem on your hands:
Authentication bypass bugs in WordPress plugins InfiniteWP Client and WP Time Capsule leave hundreds of thousands of sites open to attack.


Two WordPress plugins, InfiniteWP Client and WP Time Capsule, suffer from the same critical authorization bypass bug that allows adversaries to access a site’s backend with no password.

All an attacker needs is the admin username for the WordPress plugins and they are in, according to researchers from WebArx who created proof-of-concept attacks to exploit the vulnerabilities.
Continued: Critical WordPress Bug Leaves 320,000 Sites Open to Attack at Threat Post
January 15, 2020
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

WordPress plugin Code Snippets

Post by Accrete »

Those who use the Wordpress plugin Code Snippets - there is a high-severity flaw with it
...The WordPress plugin in question in Code Snippets, which allows users to run small chunks of PHP code on their websites. This can be used to extend the functionality of the website (essentially used as a mini-plugin). The flaw (CVE-2020-8417) has been patched by the plugin’s developer, Code Snippets Pro.

“This is a high severity security issue that could cause complete site takeover, information disclosure, and more,” said Chloe Chamberland with Wordfence, who discovered the flaw, in an analysis this week. “We highly recommend updating to the latest version (2.14.0) immediately.”...
200K WordPress Sites Vulnerable to Plugin Flaw
January 30, 2020
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

GDPR Cookie Consent WordPress plugin Bug

Post by Accrete »

Users of the GDPR Cookie Consent WordPress plugin need to update right away:
..A popular WordPress plugin, which helps make websites compliant with the General Data Protection Regulation (GDPR), has issued fixes for a critical flaw. If exploited, the vulnerability could enable attackers to modify content or inject malicious JavaScript code into victim websites.

The plugin, GDPR Cookie Consent, which helps businesses display cookie banners to show that they are compliant with EU’s privacy regulation, has more than 700,000 active installations – making it a ripe target for attackers. The vulnerability, which does not yet have a CVE number, affects GDPR Cookie Consent version 1.8.2 and below...
Critical WordPress Plugin Bug Afflicts 700K Sites
February 13, 2020
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

ThemeGrill Plugin

Post by Accrete »

Another plugin alert. This time the ThemeGrill Demo Importer:
...Researchers are urging users of a vulnerable WordPress plugin, ThemeGrill Demo Importer, to update as soon as possible after discovering attackers are actively exploiting a flaw in the plugin....
Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin
February 18, 2020
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

WordPress plugin Duplicator

Post by Accrete »

Users of the Duplicator plugin need to read this:
When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then.


Active exploits are targeting a recently patched flaw in the popular WordPress plugin Duplicator, which has more than 1 million active installations. So far, researchers have seen 60,000 attempts to harvest sensitive information from victims.

Researchers at Wordfence who discovered the in-the-wild attacks said in a post Thursday that 50,000 of those attacks occurred before Duplicator creator Snap Creek released a fix for the bug last week on Feb. 12 – so it was also exploited in the wild as a zero-day...
Active Attacks Target Popular Duplicator WordPress Plugin
February 21, 2020
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Accrete
Administrator
Posts: 1786
Joined: Fri Nov 08, 2019 12:44 am
Answers: 1
Reputation: 987
Location: Canada
Has thanked: 22 times
Been thanked: 113 times
Contact:

Bug in Popup Builder

Post by Accrete »

Those using Sygnoos' Popup Builder need to read this:
The high-severity flaw allows malicious code injection into website pop-up windows.

Two vulnerabilities – including a high-severity flaw – have been patched in a popular WordPress plugin called Popup Builder. The more severe flaw could enable an unauthenticated attacker to infect malicious JavaScript into a popup – potentially opening up more than 100,000 websites to takeover.
Continued: WordPress Plugin Bug in Popup Builder Threatens 100K Websites
March 13, 2020
Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Post Reply

Return to “WordPress”

Who is online

Users browsing this forum: No registered users and 169 guests