Social Warfare announced via Twitter on March 21, 2019, that a new version, 3.5.3, was released due to a cross-site scripting (XSS) WordPress vulnerability that was discovered yesterday. The social sharing plugin allows users to share social media links in the form of buttons on their website and comments, making it easier for their readers to quickly access the website’s social media pages.
Category: WordPress News
This week a severe WordPress vulnerability was patched by the authors of Easy WP SMTP WordPress Plugin. Easy WP SMTP allows users to send outgoing emails through the SMTP server in an attempt to keep their emails from going directly to spam or junk mail. This vulnerability allows cybercriminals to gain unauthenticated access to sites using this plugin. With over 300,000 active installations, thousands of users are affected by this zero-day vulnerability in version 1.3.9.
On March 12, 2019, a maintenance release was announced by WordPress for version 5.1.1. With this new version, there are 10 fixes and enhancements, which include security updates that address how comments are filtered and stored within the database. Prior to this update, if WordPress comments were maliciously crafted, an unauthenticated attacker could gain access to the user’s site, resulting in a cross-site scripting vulnerability.
Last week WordPress released version 4.9.7, a maintenance and security update. This update addresses a recently discovered security vulnerability, as well as 17 additional bug fixes. WordPress disclosed that versions 4.9.6 and earlier are affected by a security vulnerability that makes it possible to delete files outside of the /wp-content/uploads directory. This could potentially allow users created by malware to delete files necessary to the core functionality of WordPress.
The Gutenberg WordPress Editor will very soon be part of WordPress core. This new editor promises a completely different content creation experience in WordPress, and is arguably one of the biggest changes in functionality in WordPress history. And no single core feature has ever inspired such heated debate amongst WordPress users and developers.