WordPress plugins | ResearchBuzz: Firehose

December 7, 2023

Search Engine Journal: Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Search Engine Journal: Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs. “Security researchers at Wordfence detailed a critical security flaw in the MW WP Form plugin, affecting versions 5.0.1 and earlier. The vulnerability allows unauthenticated threat actors to exploit the plugin by uploading arbitrary files, including potentially malicious PHP backdoors, with the ability to execute these files on the server.”

October 25, 2023

Search Engine Journal: WordPress LiteSpeed Plugin Vulnerability Affects 4 Million Websites

Search Engine Journal: WordPress LiteSpeed Plugin Vulnerability Affects 4 Million Websites. “The popular LiteSpeed WordPress plugin patched a vulnerability that compromised over 4 million websites, allowing hackers to upload malicious scripts. LiteSpeed was notified of the vulnerability two months ago on August 14th and released a patch in October.”

Security & Legal Issues 0

October 13, 2023

Ars Technica: Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

Ars Technica: Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability. “Thousands of sites running the WordPress content management system have been hacked by a prolific threat actor that exploited a recently patched vulnerability in a widely used plugin. The vulnerable plugin, known as tagDiv Composer, is a mandatory requirement for using two WordPress themes: Newspaper and Newsmag. The themes are available through the Theme Forest and Envato marketplaces and have more than 155,000 downloads.”

Security & Legal Issues 0

October 12, 2023

New to WordPress.com: Earn More By Adding a Paywall (WordPress)

WordPress: New to WordPress.com: Earn More By Adding a Paywall . “While there are many ways to monetize your website, there’s one strategy that stands out for its potential and simplicity: the paywall. We’re excited to tell you that this feature is now available on all WordPress.com sites.”

Tweaks & Updates 0

September 17, 2023

TechCrunch: WordPress blogs can now be followed in the fediverse, including Mastodon

TechCrunch: WordPress blogs can now be followed in the fediverse, including Mastodon. “In March, WordPress.com owner Automattic made a commitment to the fediverse — the decentralized social networks that include the Twitter rival Mastodon and others — with the acquisition of an ActivityPub plug-in that allows WordPress blogs to reach readers on other federated platforms. Now, the company is announcing ActivityPub 1.0.0 for WordPress has been released allowing WordPress blogs to be followed by others on apps like Mastodon and others in the fediverse and then receive replies back as comments on their own sites.”

Tweaks & Updates 0

September 9, 2023

Search Engine Journal: Creating A Simple WordPress Plugin With 6 AI Chatbots

Search Engine Journal: Creating A Simple WordPress Plugin With 6 AI Chatbots. “I tested six AI chatbots by creating a WordPress plugin. Find out if ChatGPT, Bard, Bing, Claude, Code Llama, and Llama 2 completed the task.”

Useful Stuff 0

July 14, 2023

Ars Technica: WordPress plugin installed on 1 million+ sites logged plaintext passwords

Ars Technica: WordPress plugin installed on 1 million+ sites logged plaintext passwords. “All-In-One Security, a WordPress security plugin installed on more than 1 million websites, has issued a security update after being caught three weeks ago logging plaintext passwords and storing them in a database accessible to website admins.”

Security & Legal Issues 0

May 24, 2023

Search Engine Journal: Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites

Search Engine Journal: Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites. “The National Vulnerability Database announced that a popular Google Analytics WordPress plugin installed in over 3 million was discovered to contain a Stored Cross-Site Scripting (XSS) vulnerability.”

Security & Legal Issues 0

May 2, 2023

Search Engine Journal: WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin

Search Engine Journal: WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin. “The WPCode – Insert Headers and Footers + Custom Code Snippets WordPress plugin, with over a million installations, was discovered to have a vulnerability that could allow the attacker to delete files on the server.”

Security & Legal Issues 0

March 9, 2023

WP Tavern: Jetpack 11.9 Adds Sharing Button for Mastodon, Updates Stats Dashboard Design

WP Tavern: Jetpack 11.9 Adds Sharing Button for Mastodon, Updates Stats Dashboard Design. “Jetpack 11.9 was released this week with support for sharing posts to Mastodon. The new button allows readers to click an icon to launch a sharing window that will ask the user to enter the full URL of the Mastodon instance where they want to share the post.” Stopped and immediately added Mastodon sharing buttons to ResearchBuzz, ResearchBuzz Firehose, and Search Gizmos.

Tweaks & Updates 0

February 27, 2023

Search Engine Journal: All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million

Search Engine Journal: All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million. “All In One SEO (AIOSEO) plugin, which has over three million active installations, is vulnerable to two Cross-site scripting (XSS) attacks. The vulnerabilities affect all versions of AIOSEO up to and including version 4.2.9.”

Security & Legal Issues 0

February 19, 2023

WordPress Vulnerability: ShortPixel Enable Media Replace Plugin (Search Engine Journal)

Search Engine Journal: WordPress Vulnerability: ShortPixel Enable Media Replace Plugin. “National Vulnerability Database published a vulnerability advisory about the ShortPixel Enable Media Replace WordPress plugin used by over 600,000 websites. A high severity vulnerability was discovered that could allow an attacker to upload arbitrary files. The United States Vulnerability Database (NVD) assigned the vulnerability a score of 8.8 out of 10, with 10 being the highest severity.”

Security & Legal Issues 0

January 5, 2023

Ars Technica: Hundreds of WordPress sites infected by recently discovered backdoor

Ars Technica: Hundreds of WordPress sites infected by recently discovered backdoor. “Malware that exploits unpatched vulnerabilities in 30 different WordPress plugins has infected hundreds if not thousands of sites and may have been in active use for years, according to a writeup published last week.”

Security & Legal Issues 0

July 15, 2022

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover. “Miscreants have reportedly scanned almost 1.6 million websites in attempts to exploit an arbitrary file upload vulnerability in a previously disclosed buggy WordPress plugin. Traced as CVE-2021-24284, the vuln targets Kaswara Modern WPBakery Page Builder Addons and, if exploited, it would allow criminals to upload malicious JavaScript files and even completely take over an organization’s website.”

Security & Legal Issues 0

June 28, 2022

CogDogBlog: Useful Way to Taste a WordPress Plugin

CogDogBlog: Useful Way to Taste a WordPress Plugin . “Think about it when you are looking to review or pick a WordPress plugin. All you have is what the authors write about it, maybe if luck a link to a demo. But this ‘trick’ Emma shared lets you actually take out of the Codex for a full test drive.”

Useful Stuff 0

Search Engine Journal: Critical WordPress Form Plugin Vulnerability Affects Up To +200,000 Installs

Search Engine Journal: WordPress LiteSpeed Plugin Vulnerability Affects 4 Million Websites

Ars Technica: Thousands of WordPress sites have been hacked through tagDiv plugin vulnerability

New to WordPress.com: Earn More By Adding a Paywall (WordPress)

Search Engine Journal: Creating A Simple WordPress Plugin With 6 AI Chatbots

Ars Technica: WordPress plugin installed on 1 million+ sites logged plaintext passwords

Search Engine Journal: Vulnerability in WordPress Google Analytics Plugin Hits +3 Million Websites

Search Engine Journal: WordPress Vulnerability Hits +1 Million Using Header & Footer Plugin

Search Engine Journal: All In One SEO WordPress Plugin Vulnerability Affects Up To 3+ Million

WordPress Vulnerability: ShortPixel Enable Media Replace Plugin (Search Engine Journal)

Ars Technica: Hundreds of WordPress sites infected by recently discovered backdoor

The Register: Thousands of websites run buggy WordPress plugin that allows complete takeover

CogDogBlog: Useful Way to Taste a WordPress Plugin

Get RB Firehose Via EMail

Recent Posts

Popular Posts

Latest ResearchBuzz Gizmos