Google Optimize Sunsetting Google recently announced it would shut down its Optimize and Optimize 360 services. These tools were designed to help website owners optimize their content and user experience through A/B testing and personalization features. The decision to shut…
Latest articles
Business Roundup Week Ending March 3
Mike Demopoulos
BusinessThe Week in Review
Yoast weighs in on Ai Content Yoast's Sam Alderson posted about Ai Content and whether it helps or hurts your SEO. • AI-generated content is becoming increasingly popular due to its ease of use and scalability, but it lacks originality…
WordPress 6.0.2 Security and Maintenance Release: WordPress.org’s Bug Bounty Program at Work
Dan Knauss
NotesPlanet
Ram Dall over at Wordfence has a good breakdown of three vulnerabilities patched in the WordPress 6.0.2 Security and Maintenance Release. One is a high severity SQLi vulnerability in the links functionality, and the other two are medium severity Cross-Site…
Call a Vulnerability a Vulnerability Roger…
Dan Knauss
Security
Call a Vulnerability a Vulnerability Roger Montii reporting for SEJ looks at an Authenticated Stored XSS vulnerability in the WPBakery Page Builder plugin. The vulnerability was discovered by Wordfence and fixed through their collaboration with WPBakery in a recent update.…
New Year’s resolutions for WordPress developers
Jack Lenox
DevelopmentPlanet
Editor's Note: This is a guest post by Jack Lenox. Jack is a developer at Automattic and hails from the United Kingdom. For just over a year now, I have been working on the WordPress.com VIP team at Automattic. I…
There’s a Stored XSS vulnerability affecting…
Brian Krogsgard
There's a Stored XSS vulnerability affecting the bbPress plugin. This bug is present on every default install of bbPress < 2.5.9, so chances are you might be effect if you have the plugin installed anywhere. Sucuri has more info on…
WordPress security release, and 4.5 development kicks off
Brian Krogsgard
DesignSecurity
It was the first truly busy day in WordPress core land since the release of WordPress 4.4. Two big things happened: A maintenance and security update was released in WordPress 4.4.1, and the security component affected all versions back that can…
WordFence — a security plugin to…
Security
WordFence -- a security plugin to boot -- has an XSS vulnerability that was recently patched. VaultPress posted more about it, but if you run this plugin, you need to update.
Sucuri has a really in-depth walkthrough…
Sucuri has a really in-depth walkthrough of the Akismet XSS vulnerability they discovered, and it's a nasty 9/10 on their DREAD score. That basically means it's easy to do, and can result in a very bad outcome. Fortunately, auto-updates and…
Akismet getting auto-updated for critical XSS bug
Brian Krogsgard
Akismet has a critical XSS bug that dates back quite some time. A researcher from Sucuri notified us of an XSS vulnerability in the Akismet WordPress plugin. This bug affects all versions of the Akismet WordPress plugin since 2.5.0, but…
Visual Composer has had some updates…
Visual Composer has had some updates to fix several XSS vulnerabilities. This plugin is on millions of websites, either by itself or baked into themes. Envato has an update on how they're handling it, but many of you probably already…
WordPress zero day vulnerability on comment text patched in 4.2.1
Brian Krogsgard
HostingSecurity
Many readers have likely heard by now that WordPress 4.2.1 is out (and probably already patched on your installs). The patch is in response to a zero day vulnerability reported by Jouko Pynnönen of Klikki. WordPress 4.2.1 includes a check on…
