Wordpress Related News

Join the discussions about using WordPress as a blogging platform and content management system for your website or blog.
LMD
Contributing Member
Posts: 897
Joined: Sat Jan 04, 2020 4:40 pm
Reputation: 522
Location: Somewhere north of the 49th parallel.
Has thanked: 33 times
Been thanked: 35 times

Re: Wordpress Related News

Post by LMD »

I'm getting upgrade notifications on all the sites, so I'm a little nervous.


Accrete
Administrator
Posts: 1607
Joined: Fri Nov 08, 2019 12:44 am
Latest blog post: Have You Read the Webmaster Guidelines Yourself?
Answers: 1
Reputation: 944
Location: Canada
Has thanked: 22 times
Been thanked: 113 times

Re: Wordpress Related News

Post by Accrete »

Those using Contact Form 7 need to read this and update:
...A vulnerability has been discovered in Contact Form 7 that allows an attacker to upload malicious scripts. The publishers of Contact Form 7 have released an update to fix the vulnerability....
Contact Form 7 Vulnerability in +5 Million Sites


Yours truly,
Accrete Web Solutions

SEO troubleshooting and review services available. - Pm me.

Re: Wordpress Related News

Post by LMD »

Accrete wrote: Fri Dec 18, 2020 3:22 pm
Those using Contact Form 7 need to read this and update:

Yep - I received an email from the Wordfence people on this. Nasty!

The plugin "auto update" function in WordPress took care of this by updating the plugin as soon as the new version was released by the authors.



Bug Found in ‘Orbit Fox’ Allows Site Takeover

Post by Accrete »

If you are using the Orbit Fox WordPress plugin you should read this:

Two security vulnerabilities — one a privilege-escalation problem and the other a stored XSS bug — afflict a WordPress plugin with 40,000 installs.

Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website....
Continued: Critical WordPress-Plugin Bug Found in ‘Orbit Fox’ Allows Site Takeover
January 13, 2021



Plugin Flaw - Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter

Post by Accrete »

If you are using the Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter plugin you will need to make sure you have updated it.
The flaw could have let attackers send out custom newsletters and delete newsletter subscribers from 200,000 affected websites.

Developers of a plugin, used by WordPress websites for building pop-up ads for newsletter subscriptions, have issued a patch for a serious flaw. The vulnerability could be exploited by attackers to send out newsletters with custom content, or to delete or import newsletter subscribers.

The plugin in question is Popup Builder – Responsive WordPress Pop up – Subscription & Newsletter, from developer Sygnoos. The plugin has been installed on 200,000 WordPress websites. Versions 3.71 and below are affected by the vulnerability (a fix has been issued in version 3.72; and the latest version is 3.73)...
Continued: WordPress Pop-Up Builder Plugin Flaw Plagues 200K Sites
January 29, 2021



WordPress 5.6.1 Maintenance Release

Post by Accrete »

WordPress 5.6.1 Maintenance Release issued:
...This maintenance release features 20 bug fixes as well as 7 issues fixed for the block editor. These bugs affect WordPress version 5.6, so you’ll want to upgrade...
WordPress 5.6.1 Maintenance Release
February 3, 2021



Security Bug in Contact Form 7

Post by Accrete »

If you are using the Contact Form 7 WordPress plugin you will want to read this:
A CSRF-to-stored-XSS security bug plagues 50,000 ‘Contact Form 7’ Style users.

A security bug in Contact Form 7 Style, a WordPress plugin installed on over 50,000 sites, could allow for malicious JavaScript injection on a victim website.

The latest WordPress plugin security vulnerability is a cross-site request forgery (CSRF) to stored cross-site scripting (XSS) problem in Contact Form 7 Style, which is an add-on to the well-known Contact Form 7 umbrella plugin. It ranks 8.8 out of 10 on the CVSS vulnerability-severity scale (CVE is pending).
Continued: Unpatched WordPress Plugin Code-Injection Bug Afflicts 50K Sites
February 5, 2021



NextGen Gallery WordPress plugin

Post by Accrete »

If you are using the NextGen Gallery plugin there is a flaw that allows site takeover:
A patch in the NextGen Gallery WordPress plugin fixes critical and high-severity cross-site request forgery flaws.

Researchers are urging WordPress websites that utilize the NextGen Gallery plugin to apply a patch addressing critical and high-severity flaws...
Continued: Critical WordPress Plugin Flaw Allows Site Takeover
February 8, 2021



Ninja Forms WordPress Plugin Bug

Post by Accrete »

Another plugin with problems that leave WordPress sites open to hacks:
The popular plugin is installed on more than 1 million websites, and has four flaws that allow various kinds of serious attacks, including site takeover and email hijacking.

Ninja Forms, a WordPress plugin used by more than 1 million sites, contains four critical security vulnerabilities that together make it possible for a remote attacker to take over a WordPress site and create various kinds of problems.
Ninja Forms WordPress Plugin Bug Opens Websites to Hacks
February 17, 2021



5.6.2 Maintenance Release

Post by Accrete »

Notice on the WordPress site that 5.6.2 Maintenance Release is available. Already got a notice that the blog was auto updated.
...WordPress 5.6.2 is a small maintenance release focused on fixing user-facing issues discovered in 5.6.1. The next major release will be version 5.7, currently scheduled for release on March 9, 2021....
WordPress 5.6.2 Maintenance Release
February 22, 2021

