[ad_1] Starting October 1st, 2024, WordPress.org will roll out new security measures aimed at enhancing the safety of accounts with commit access to plugins and themes. This was announced by the Automattic-sponsored developer Dion Hulse. Mandatory Two-Factor Authentication Beginning next month, WordPress.org will make two-factor authentication (2FA) mandatory for all plugin and theme authors. Authors […]
Continue readingTag Archives: Security
WooCommerce 5.7.0 Patches Security Issue that Could Potentially Leak Analytics Reports – WP Tavern
[ad_1] WooCommerce shipped version 5.7.0 through a forced update for some users earlier this week. The minor release was not billed as a security update but the following day WooCommerce published a post explaining that the plugin was vulnerable to having analytics reports leaked on some hosting configurations: On September 21, 2021, our team released […]
Continue readingWeekly WordPress News: WordPress 5.8.1 Security Release
[ad_1] Hey, WordPress fans. We are checking in with your latest dose of weekly WordPress news. This week, WordPress released a security and maintenance update with 60 bug fixes and 3 security fixes. We recommend updating your sites if you haven’t yet. Beyond that, Jetpack acquired Social Image Generator, a plugin that automatically creates social […]
Continue readingACF 5.10 Introduces Block API v2 Support, Block Preloading, and Security Improvements – WP Tavern
[ad_1] Advanced Custom Fields (ACF) has released version 5.10, the first major release since the plugin was acquired by Delicious Brains. It introduces several new features that were previously experimental, closing out tickets that were started by previous owner Elliot Condon. The release enables HTML escaping by default, which helps prevent Cross-Site Scripting (XSS) attacks. […]
Continue readingWordfence and WPScan Publish Mid-Year WordPress Security Report – WP Tavern
[ad_1] WPScan is on track to post a record-breaking year for WordPress plugin vulnerabilities submitted to its database, according to a collaborative mid-year security report the company published with Wordfence. In the first half of 2021, WPScan has recorded 602 new vulnerabilities, quickly surpassing the 514 reported during all of 2020. The report is based […]
Continue readingWooCommerce 5.5.2 Fixes Performance Issues Found After Forced Security Update – WP Tavern
[ad_1] WooCommerce has shipped version 5.5.2 as a follow-up to the forced security update that patched a SQL Injection vulnerability last week. The vulnerability impacted versions 3.3 to 5.5 of the WooCommerce plugin, as well as versions 2.5 to 5.5 of the WooCommerce Blocks feature plugin. The team created a patch for more than 90 releases, which was sent […]
Continue readingWooCommerce Patches Critical Vulnerability, Sending Forced Security Update from WordPress.org – WP Tavern
[ad_1] WooCommerce has patched an unspecified, critical vulnerability identified on July 13, 2021, by a security researcher through Automattic’s HackerOne security program. The vulnerability impacts versions 3.3 to 5.5 of the WooCommerce plugin, as well as version 2.5 to 5.5 of the WooCommerce Blocks feature plugin. “Upon learning about the issue, our team immediately conducted […]
Continue readingJetpack 9.8 Introduces WordPress Stories Block Alongside Forced Security Update – WordPress Tavern
[ad_1] Jetpack 9.8 was released this week, introducing WordPress Stories as the headline feature. The Story block, which allows users to create interactive stories, was previously only available on mobile. It can now be used in the web editor. Stories went into public beta on the Android app in January 2021, and were officially released on […]
Continue reading