The WordPress core team has released WordPress 4.5.2 which patches two security vulnerabilities in WordPress versions 4.5.1 and below. The first is a SOME vulnerability (Same-Origin Method Execution) in Plupload, the third-party library WordPress uses for uploading files. The second is a reflected cross-site-scripting vulnerability in MediaElement.js, the third-party library used for media players. Auto…
Ninja Forms, a popular plugin active on more than 500K websites, released an update 48 hours ago that addresses a critical security vulnerability. Wordfence is reporting that Ninja Forms versions 2.9.36 to 2.9.42 contain multiple security vulnerabilities. One of the vulnerabilities allows an attacker to upload and execute code remotely on WordPress sites. The only…
Earlier this year, the WordPress project made a huge move by adopting accessibility coding standards for new and updated code. If you’re struggling to meet WCAG 2.0 guidelines in your WordPress projects and need help, check out the new Accessibility section in the WordPress.org support forums. Amanda Rush, who helps WordPress developers make their themes…
On this episode of WordPress Weekly, I describe my experience attending WordCamp Chicago 2016 this past weekend. Marcus Couch and I then discuss the news of the week including a new tool that helps WordCamp organizers create customized name badges. We also have a lengthy discussion on the freemium business model and how it’s affecting…
WordCamp Chicago 2016 was held at University Center in the heart of Chicago, IL, where more than 300 attendees spent the weekend learning about WordPress. The event was organized by Ryan Erwin and a team of volunteers. Tracks were split up into three separate rooms limiting the amount of background noise during sessions. Giving attendees…
John James Jacoby, lead developer of bbPress, has released bbPress 2.5.9 to patch a security vulnerability, “bbPress 2.5.8 and below are susceptible to a cross-site-scripting vulnerability that’s due to the way users are linked to their profiles when they are mentioned in topics and replies,” Jacoby said. Marc-Alexandre Montpas is credited for responsibly disclosing the…
Templatic, a WordPress commercial theme company, reported on Saturday, April 30th, that its site was hacked. Files and databases containing customer usernames and passwords were compromised. According to R. Bhavesh, founder of Templatic, the data is being held for ransom money. The hacker is now threatening us via email and demanding ransom money be paid.…
In this episode of WordPress Weekly, Marcus Couch and I discuss the news of the week as our guest couldn’t make it. Marcus shares his experience at WordCamp San Diego this past weekend and offers feedback to the organizing team. We let you know what’s in the recently released WordPress update and discuss what happens…
WordPress 4.5.1 is available and addresses a dozen items reported against WordPress 4.5. According to Adam Silverstein, “a singular class issue that broke sites based on the Twenty Eleven theme, an incompatibility between certain Chrome versions and the visual editor, and an Imagick bug that could break media uploads,” are among the bugs fixed. A…
WordCamp Chicago 2016 takes place this weekend and I’ll be among the many attendees. I haven’t visited the city since 2009 and I’m excited to satisfy my craving for deep dish pizza at Lou Malnati’s. WordCamp Chicago 2009 is a special memory because it’s where I saw a demo of Gravity Forms before it launched…
WordPress for iOS 6.1 is available from the App Store and includes a number of improvements. Those who use Jetpack can now manage Publicize connections from within the app. Comments can quickly be moderated thanks to gestures added to the notifications screen. Swiping left on a notification displays options to approve, unapprove, spam, or trash…
There’s a lot of great WordPress content published in the community but not all of it is featured on the Tavern. This post is an assortment of items related to WordPress that caught my eye but didn’t make it into a full post. Matt Mullenweg’s Father Passes Away Losing a loved one is tough, especially…
Since I started covering WordPress in 2009, one of the things I’ve noticed is that certain topics have a cyclical nature to them. One of these is the contention in the WordPress community on what data is sent, stored, and shared on WordPress.org. In a post published on Torquemag.io, Josh Pollock, Founder of CalderaWP, argues…
WordPress 4.5 “Coleman” was released last week without too many issues. However, the WordPress development team recently identified two bugs that are prompting an immediate point release scheduled for next week. The first is that TinyMCE toolbars and tabs are unresponsive in Chrome Version 50.0.2661.75 beta-m (64-bit). The second is that page templates with widgets…
In this episode of WordPress Weekly, Marcus Couch and I are joined by Mika Epstein. Epstein reviews plugins before they’re added to the WordPress plugin directory and volunteers on the WordPress support forums. We learn what the plugin review process is like and common security issues she discovers. I was shocked to learn that Epstein…