Patchstack is reporting an Insecure Direct Object References (IDOR) vulnerability in WooCommerce Stripe Gateway, the most popular WooCommerce Stripe payment plugin with more than 900,000 active users. It was discovered by Patchstack researcher Rafie Muhammad on April 17, 2023, and patched by WooCommerce on May 30, 2023, in version 7.4.1. The security advisory describes the…
WordPress Accessibility Day, an independent 24-hour virtual conference, will return in 2023 – this time under an official non-profit status. The first edition of the event was hosted in 2020 by the WordPress core Accessibility Team. They wanted to manage it independently of the WordPress Foundation in order to reserve the option to do things like…
During the 2022 State of the Word, Matt Mullenweg announced a plan to add new “Community” and “Commercial” taxonomies for the theme and plugin directories that would help users more quickly ascertain the purpose of the extensions they are considering. Shortly after the announcement, instructions were published for theme and plugin authors to opt into…
Q&A segments at a live event are a valuable point of connection where attendees have the opportunity to gain the undivided attention of the speaker or panelist and get answers to important questions. Inevitably, people who abuse the format can lower the quality of the experience for everyone. A Twitter thread addressing this chronic problem…
WordPress is 20 years old today, an estimable milestone for open source software running on the web. Parties are happening all over the world – in Geneva, Los Angeles, Istanbul, Bangkok, Lahore, Jakarta, Mumbai – in over 150 different locations. The software has been downloaded more than 2.8 billion times but the most impressive stat…
WordPress is celebrating its 20th anniversary tomorrow and recently its co-founders, Matt Mullenweg and Mike Little, joined Drupal founder Dries Buytaert together on stage at a private event for the first time on May 17. They discussed how their lives were influenced by open source and how they built their projects around the freedoms it…
WordPress’ Performance Team has published a summary of a core performance analysis they completed in order to identify and prioritize areas for improvement. As part of this process, contributors created a methodology with a standard set of tools that can be used to collect and share profiling data for various components of the application. The…
A new MariaDB Health Checks plugin is now available on WordPress.org, thanks to the efforts of contributors involved in the 2023 CloudFest Hackathon which took place in Germany. MariaDB is a popular open source database used by those looking to further scale their websites, as it is generally faster than MySQL with better support for…
Automattic has published a new project called wp-now that creates a local development environment in seconds. The tool is a NodeJS app that is powered by WordPress Playground, an experimental project that uses WebAssembly (WASM) to run WordPress in the browser. wp-now allows developers to quickly spin up a new WordPress site with their chosen theme…
Gutenberg 15.8 was released with some exciting features that were included in the tentative WordPress 6.3 roadmap. Users are getting closer to a more unified content editing experience with the addition of the Pages menu to the Site Editor. Clicking on Pages will load the ten most recently updated pages with a link to “Manage…
Shufflehound made a big splash in March when it released Lemmony, a free WordPress block theme with more than 30 patterns. This was the company’s first block theme on WordPress.org and it is already active on more than 1,000 websites. Building on the success of this theme, Shufflehound has created a child theme for agencies.…
WordPress 6.2.2 was released early this morning as a rapid follow-up to 6.2.1, which introduced a bug that broke shortcode support in block templates. Version 6.2.1 was also an important security release, but due to the catastrophic breakage for those using shortcodes in block templates, some users were implementing insecure workarounds or simply downgrading to…
The WordPress 6.3 development cycle has begun and work is already underway on an ambitious list of features that will debut in the upcoming major release. It will cap off Phase 2 of the Gutenberg project, with an emphasis on polishing customization features and making them easier to use. WordPress 6.3 Editor Triage co-lead Anne…
WordCamp Europe 2023 is just under three weeks away from happening in Athens on June 8-10. More than 2,700 tickets have been purchased and 527 remain, along with 49 micro-sponsor tickets. Speaker announcements have concluded and the official schedule was published today. WCEU will be running three tracks of presentations and two tracks for workshops.…
WordPress may soon be getting a Command Center, which would function as a quick search component for navigating to other areas of the admin, and would also be capable of running commands. The feature was introduced in Gutenberg 15.6 under the Experimental flag and currently has limited use in the Site Editor context while navigating…