A critical vulnerability has been discovered in the CleanTalk Anti-Spam plugin for WordPress, which is widely used to protect websites from spam attacks. This flaw, affecting over 200,000 installations, has been given a severity rating of 9.8 out of 10, emphasizing its grave potential for exploitation.

What’s the Issue?

The vulnerability lies in an authentication bypass, allowing attackers to access websites without needing login credentials. Essentially, this flaw enables bad…
The popular WordPress plugin Happy Addons for Elementor—used by over 400,000 websites—has recently patched a security vulnerability that previously left many sites at risk. This flaw, known as a stored cross-site scripting (XSS) vulnerability, allowed attackers with minimal permissions to inject harmful scripts onto a site, potentially compromising site visitors and owners.

Background on Happy Addons for Elementor

Happy Addons is a plugin that enhances the Elementor page builder with…
WPGraphQL, a popular plugin that brings powerful GraphQL functionality to WordPress sites, is gaining a new level of endorsement within the WordPress ecosystem. Its creator, Jason Bahl, recently joined Automattic, aligning WPGraphQL with WordPress’s parent company and positioning it to become an official “canonical plugin” on WordPress.org.

What is WPGraphQL?

WPGraphQL introduces a GraphQL API for WordPress, allowing developers to query WordPress data more efficiently and flexibly compared to traditional…
Exciting changes are on the horizon for WooCommerce as the eCommerce platform prepares to unveil a new logo in early 2025. The redesign aims to reflect WooCommerce’s evolving brand identity, aligning with its fresh product vision and setting the stage for continued growth in the world of online commerce. According to Chief Marketing Officer Tamara Niesen, this new look for WooCommerce isn’t just about aesthetics. "We saw an opportunity to…
Recently, the WordPress plugin ecosystem saw significant shifts as several well-known plugin developers decided to remove their plugins from the WordPress.org repository. This wave of departures follows controversies around the takeover of the Advanced Custom Fields (ACF) plugin, and concerns about WordPress.org's governance and transparency. Here’s what’s happening and what it means for users.

Gravity PDF Leaves WordPress.org

Gravity PDF, a popular plugin used by over 50,000 sites, announced it’s…
WordPress recently announced a new chapter for one of its most popular plugins, Advanced Custom Fields (ACF), with a forked version called Secure Custom Fields (SCF). The fork, led by WordPress co-founder Matt Mullenweg, marks a significant development for plugin users and web developers alike. Let’s break down what happened, why it matters, and what you need to know if you’re using ACF on your site.

What Happened?

The WordPress…
Jetpack has just rolled out version 13.9.1 to address a critical security flaw in its Contact Form feature—a vulnerability present since 2016. This newly patched flaw could have allowed logged-in users on a website to access private information from form submissions, posing a risk for unauthorized data exposure.

Discovery and Immediate Action

The issue came to light during an internal security audit by the Jetpack team, who quickly joined forces…