On December 14, 2020, the Wordfence Threat Intelligence team finished researching two Cross-Site Request Forgery (CSRF) vulnerabilities in NextGen Gallery, a WordPress plugin with over 800,000 installations, including a critical severity vulnerability that could lead to Remote Code Execution (RCE) and Stored Cross-Site Scripting (XSS). Exploitation of these vulnerabilities could lead to a site takeover, malicious redirects, spam injection, phishing, and much more.
It might be different text, images, or something else. But no matter what the content is, it’s pretty dang engaging.
Stores devote generous amounts of time and effort to acquiring new customers. During the holiday season, new prospects and leads get even more attention. And that’s mostly fine. But remember — it’s far easier to generate new revenue from existing and previous customers.
In early March, WordPress contributors began discussing the possibility of dropping support for IE11 in the near future after usage fell below ~1%. This week, the discussion’s facilitator, Héctor Prieto, confirmed the majority of participants are in agreement to move forward and set a timeline for discontinuing support. Contributors are now considering either the 5.8….
Gutenberg 10.7 landed yesterday. Within a few hours, the development team also released version 10.7.1 of the plugin with a few bug fixes. The latest update primarily focuses on work expected to land in WordPress 5.8 this July.
Adding star ratings to your website lets your customers review your products and services while improving your social proof.
On February 11, 2021, our Threat Intelligence team responsibly disclosed several vulnerabilities in Redirection for Contact Form 7, a WordPress plugin used by over 200,000 sites. One of these flaws made it possible for unauthenticated attackers to generate arbitrary nonces for any function. The second flaw made it possible for authenticated attackers to install arbitrary…