Theme Fusion’s Avada WordPress Theme, the highest selling theme on Themeforest for the past four years, has fixed stored XSS and CSRF vulnerabilities in its 5.1.5 release. The security issues were discovered by WP Hütte, a WordPress security blog, and the site published details of the vulnerabilities after Theme Fusion patched its theme. Although the…
This morning, WordCamp Europe 2017 organizers published an open letter to Emmanuel Macron, the president of France, regarding attendees being denied visas for the event. According to the rejections attendees have received, France is denying the visas because the ticket price for the conference is too low: It has come to our attention that our…
In 2014, Chris Wiegman forked VVV to create Primary Vagrant, an Apache based Vagrant configuration that uses Puppet. The project has steadily evolved over the past three years and the latest release includes significant changes that require users to destroy any existing environments before upgrading. Primary Vagrant 4.0 runs on PHP 7.1 by default. It…
GitHub open sourced its JavaScript-powered Atom editor in 2014 with extensibility designed to be its single-most important feature. Over the past three years, a thriving ecosystem of more than 6,000 packages to extend the editor has grown out of Atom’s open source community. GitHub estimates Atom now has 2.1 million active users. This week Atom…
WordCamp Europe’s Contributor Day is set for Thursday, June 15th, 2017, the day before the conference days begin. Attendees will be split into contributor teams and this year the event will also feature four talks and 13 workshops. The selected team leaders are long-time WordPress core and community contributors from around the world. Scheduled talks…
WordPress 4.7.5 was released today with fixes for six security issues. If you manage multiple sites, you may have seen automatic update notices landing in your inbox this evening. The security release is for all previous versions and WordPress is recommending an immediate update. Sites running versions older than 3.7 will require a manual update.…
A year and a half after the initial release of the controversially-named Hookr plugin, its creator, Christopher Sanford, has rebranded the plugin as WP Inspect. The plugin provides a WordPress hook/API reference for developers and displays the actions and filters that fired as the page loaded. At launch Sanford was fairly committed to the Hookr…
The District Court for the Northern District of California has denied a motion to dismiss a complaint of breach of contract and copyright infringement claims in a case regarding the GPL. The plaintiff, Artifex Software Inc., is the creator of Ghostscript, an AGPL-licensed PDF interpreter. In 2016, the company filed a lawsuit against Hancom, a…
WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress,…
Weglot, a multilingual plugin which has been in the WordPress market for a little over a year, has closed €450K in seed funding from SIDE Capital. Co-founder Rémy Berda reports that there are now more than 10,000 websites using Weglot and the company has passed 30K€ in monthly revenue. Over the past six months Berda…
WordPress 4.8 kicked off in this week’s core developer meeting and the schedule for the upcoming release is now published. Beta 1 is scheduled for May 12 and the official release is targeted for June 8. This will be the first major release in 2017 and is focused on laying the foundation for the new…
Security researcher Dawid Golunski of Legal Hackers has published the details of an unauthorized password reset vulnerability in WordPress core. Golunski demonstrated how, under certain circumstances, an attacker could intercept the password reset email and gain access to a user’s account. His proof of concept takes advantage of WordPress using the SERVER_NAME variable to get…
The WordPress Community Team is debating the merits of a new type of WordCamp, a hybrid event with the traditional WordCamp content in a retreat-style format. Sven Wagener and the Köln meetup group in Germany, which has more than 700 members, have proposed a new style of camp that would potentially be called “WordCamp in…
Jetpack 4.9 gives self-hosted WordPress users access to some of the widgets that are available on WordPress.com. One of the most useful ones for European websites is the new EU Cookie Law Banner widget. The WordPress plugin directory has dozens of plugins related to cookie consent, but Jetpack users can now get this feature bundled…
WooConf, the official WooCommerce developer’s conference, is returning for its third edition October 19-20, 2017. In line with previous years’ events that were hosted in major U.S. tech hubs (San Francisco and Austin), WooConf 2017 will be held in Seattle. The organizing team, which is made up of almost a dozen people from around the…