Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin (The Register)

The Register: Sigh. Another day, another reason for WordPress users to get patching: Hackers abuse bug in popular plugin. “A critical vulnerability in a popular WordPress plugin called WP File Manager was spotted on Tuesday and was quickly patched by the plugin’s developers. But the flaw, which allows arbitrary file uploads and remote code execution on WordPress websites, is already being actively exploited.”

CNET: Apple says WordPress doesn’t have to add in-app purchases

CNET: Apple says WordPress doesn’t have to add in-app purchases. “Apple’s remarks come after WordPress founding developer Matt Mullenweg tweeted Friday that Apple was going to cut off updates and bug fixes to the open-source software app unless it committed to supporting in-app purchases for WordPress’ payment plans.”

Bleeping Computer: Newsletter plugin bugs let hackers inject backdoors on 300K sites

Bleeping Computer: Newsletter plugin bugs let hackers inject backdoors on 300K sites. “The vulnerability was found in the Newsletter WordPress plugin that provides the tools needed to create responsive newsletter and email mail marketing campaigns on WordPress blogs using a visual composer. Newsletter has already been downloaded over 12 million times since it was added to the official WordPress plugin repository and is now installed on more than 300,000 sites.”

Bing Blogs: Get your WordPress content indexed immediately using Bing Webmaster Tools plugin

Bing Blogs: Get your WordPress content indexed immediately using Bing Webmaster Tools plugin . “Today, we are excited to announce the release of Bing URL Submissions Plugin for WordPress as open source project. The plugin allows webmasters of WordPress sites to get their content easily, automatically and immediately indexed by Bing as soon as their content is published! Who in the SEO community has not dreamed of such ability?”

Hongkiat: 10 Best WordPress Plugins to Create Forms, Polls & Surveys

Hongkiat: 10 Best WordPress Plugins to Create Forms, Polls & Surveys. “It is a well-known fact that one of the best ways to engage users on your website and gather significant user insights, is through polls, forms and surveys. For websites built on the WordPress platform, there is an abundance of free plugins you can take advantage of. However, to save you from the tiring effort of searching the best WordPress plugins for polls and surveys, I have gathered here some of the top choices I’ve come to know, use and experience.”

Search Engine Journal: Google Web Stories WordPress Plugin for More Traffic

Search Engine Journal: Google Web Stories WordPress Plugin for More Traffic. “Google announced a beta WordPress plugin that enables publishers to take advantage of Google’s relatively new Web Stories. Web Stories is a way to rank at the top of Google search, Google images, Discover, and Google App.”

Search Engine Land: Several WordPress SEO plugins are on the fritz

Search Engine Land: Several WordPress SEO plugins are on the fritz. “It’s been a challenging week for many SEO plugin users. Numerous users of the Google Analytics Dashboard for WP plugin by ExactMetrics are claiming that they’ve lost traffic data after updating to version 6.0. Meanwhile, the Yoast SEO and Rank Math plugins are producing incorrect canonical URLs when those URLs contain Unicode characters.”

Lifehacker: Update the ‘Duplicator’ WordPress Plugin to Block a Zero-Day Attack

Lifehacker: Update the ‘Duplicator’ WordPress Plugin to Block a Zero-Day Attack. “The WordPress plugin Duplicator—a great tool for migrating your WordPress site to another host or backing up all of your content, themes, and plugins—has more than one million active installations. It also has one glaring vulnerability that you’re going to want to patch right now. Otherwise, a savvy attacker could use the plugin to download critical files from a WordPress site, like your ever-important wp-config.php file.”

MakeUseOf: 6 WordPress Plugins to Secure Your Website From Hackers

MakeUseOf: 6 WordPress Plugins to Secure Your Website From Hackers. “Plugins are basic add-ons to your WordPress website, giving you extra functionality. Some customize the look of your posts. Some boast search engine optimization features. And there are some great plugins to make sure your website is safe from hackers, bots, and malware. Here are some of the best WordPress plugins you should need to protect your site from cyberattacks.”

Security Week: Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin

Security Week: Flaw in WordPress Themes Plugin Allowed Hackers to Become Site Admin. “A serious vulnerability found in a WordPress themes plugin with over 200,000 active installations can be exploited to wipe a website’s database and gain administrator access to the site. ThemeGrill Demo Importer is a popular plugin that allows WordPress website administrators to import demo content, widgets and settings for ThemeGrill themes.”

ZDNet: Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack

ZDNet: Critical bugs in WordPress plugins InfiniteWP, WP Time Capsule expose 320,000 websites to attack. “The pair, used to manage multiple WordPress websites from one server and create backups for files and database entries when updates are issued, were examined by cybersecurity researchers from WebArx who found ‘logical issues in the code that allows you to login into an administrator account without a password.'”