After an accumulation of undisclosed and unpatched vulnerabilities in plugins hosted on WordPress.org, Patchstack has reported 404 plugins to WordPress’ Plugin Review Team. “This situation creates a significant risk for the WordPress community, and we decided to take action,” Patchstack
WordPress Playground, an experimental project that uses WebAssembly (WASM) to run WordPress in the browser, makes it possible for users to quickly test plugins and themes without having to set up a local development environment. Ordinarily, testing a plugin or theme with
group.one, a European cloud hosting and digital marketing services provider, has acquired the BackWPup, Adminimize, and Search & Replace plugins from Inpsyde. Together the products have more than 1.1 million active installs and will join group.one’s growing portfolio of WordPress products, which include
The Kadence Blocks plugin, which is used on more than 300,000 WordPress sites, has patched a critical vulnerability in its Advanced Form Block file upload capability. Version 3.1.11, released on August 8, 2023, patches the security issue with the form
WordPress’ Plugin Review team is wading through a backlog that was over 900 plugins awaiting approval earlier this week. The current count has 870 plugins sitting in the review queue, with an average wait time of 61 days before initial
ConvertKit has updated its official WordPress plugin and WooCommerce add-on to support a range of new features. More than 40,000 sites use ConvertKit’s plugin to integrate their newsletters, email campaigns, and digital products with WordPress. The service is free for
Jetpack 12.4 was released today, launching the plugin’s Newsletter product. It allows users to send blog posts as newsletters, without the hassle of having to copy and paste from the WordPress editor into another newsletter service’s campaign editor and reformat
Snicco, a WordPress security services provider, has published an advisory on a vulnerability in the MalCare plugin, which is active on more than 300,000 sites. “MalCare uses broken cryptography to authenticate API requests from its remote servers to connected WordPress
A new era has begun for WordPress.org’s Plugin Review Team. Mika Epstein, who has served for the past decade, is stepping down, but not before launching a new crew of volunteers. The team is responsible for approving newly submitted plugins,
WPScan is reporting a hacking campaign actively exploiting an unpatched vulnerability in the Ultimate Member plugin, which allows unauthenticated attackers to create new user accounts with administrative privileges and take over the site. The vulnerability has been assigned a CVSSv3.1