• WooCommerce 2.3.11 Patches Object Injection Vulnerability

    WooCommerce 2.3.11 patches an object injection vulnerability discovered by Sucuri. According to the security research company, the vulnerability is only present when the PayPal Identity Token option is set in WooCommerce. Researchers used a combination of WordPress and WooCommerce components with a known PHP bug and were able to download critical files, including wp-config.php which…

  • WPWeekly Episode 195 – Recap of WordCamp Orange County 2015

    In this episode, Marcus Couch and I recap WordCamp Orange County 2015 held in Costa Mesa, CA. We share our favorite sessions, highlights of the weekend, and I explain why I spent day two of the conference in my hotel room. During the second half of the show, we cover the news of the week,…

  • WooThemes Fixes XSS Vulnerability in Products Using the prettyPhoto Library

    Jeff Ikus of WooThemes announced on the company’s themes development blog that it has pushed out updates to all of its products that use the prettyPhoto library. The update fixes a DOM-based cross-site scripting vulnerability discovered in 2014. prettyPhoto is a jQuery lightbox clone used in a potentially large number of WordPress products. If…

  • WordPress Core Contributors Call for User Testing on the Menu Customizer Plugin

    Ryan Boren published a post to the Make/WordPress Core blog this afternoon, titled Trust, Live Preview, and Menus in the Customizer. In it he clarified the reasons why he and several other core contributors are committed to iterating the customizer and identified the feature as a means of building user trust through live previews. Being…

  • Introducing the WP Tavern Wapuu

    The Wapuu craze has spread far and wide. From its origin in Japan, to WordCamp London, and across the US, Wapuu has become quite the traveler. While the mascot has mostly represented WordCamps, site owners are creating a custom version of the mascot to represent their sites. Michelle Schulp, a graphic designer who runs Marktimemedia,…

  • Brighton, UK to Host Europe’s First BuddyCamp

    BuddyPress fans, mark your calendars! BuddyCamp Brighton, Europe’s very first BuddyPress conference, is just two months away. The event will be held at Clearleft’s 68 Middle Street venue on August 8, 2015. This venue has a maximum capacity of 60 people, so tickets are likely to sell out fast. BuddyPress lead developer Paul Gibbs and…

  • WordPress Theme Review Team Seeks Feedback on the Review Process, Themes, and the Directory

    The WordPress Theme Review Team (TRT) is currently seeking feedback via three separate surveys on the review process, themes, and the directory. After weathering several months of increasingly negative community feedback, the team is now looking to users and theme authors to help shape its roadmap for the future. The team’s controversial decision to require…

  • A Primer on Writing Good Documentation

    This post was contributed by guest author Jeff Matson. Jeff is the head of documentation for GravityForms. He is the creator of the Heartbeat Control WordPress plugin and is a fan of the 90s. Oftentimes, documentation is the most underrated piece of the development process. When we look at rockstars in the WordPress community,…

  • Menu Customizer Tentatively Approved for WordPress 4.3

    WordPress 4.3 release lead Konstantin Obenland posted notes from this week’s core development chat, confirming that the Menu Customizer plugin has been conditionally approved to merge. The approval is pending a few conditions that will be required before officially merging it: Complete a11y audit. Address possible blockers. Merge php tests. Add JS tests. One of…

  • BuddyDrive 1.3 Utilizes the New BP Attachments API

    One of the most exciting features added in BuddyPress 2.3 is the new BP Attachments API. It provides a BP core-supported method of managing user-submitted files and opens up a world of possibilities for plugin developers. The API powers the new avatar uploads UI, but it can also be used to extend BuddyPress to add…

  • How to Add a Default Image to Jetpack’s Related Posts Module

    Jetpack’s related posts module is a great way to show related content without using the same server resources used to host a site. When activated, the module displays three related posts. One of two options available is to use a large and visually striking layout. When enabled, the module looks for a large image that’s…

  • All Official Easy Digital Downloads Themes are Now 100% Free

    Easy Digital Downloads announced a major change to its themes marketplace today. All official EDD themes (those that are built by the EDD core team) are now 100% free. This includes half a dozen themes that are guaranteed to be fully compatible with EDD, including the new Vendd theme launching today. EDD support manager Sean…

  • WordCamp US 2015 Now Accepting Applications for Host City

    WordCamp San Francisco has traditionally been one of the most important WordPress events of the year where Matt Mullenweg delivers his annual State of the Word address. Last year, he announced that the event had outgrown the Mission Bay venue and that it would be expanding to become WordCamp US in 2015. Touch the…

  • BuddyPress 2.3 “Livio” Released, Features the New BP Attachments API

    BuddyPress 2.3 “Livio” was released today, named in honor of Chez Livio, a famous Italian restaurant and pizza joint in Paris. Development on the 2.3 release cycle began in March with contributors prioritizing work on new APIs alongside improvements to BuddyPress’ existing APIs. Here’s a quick overview of what’s new: BP Attachments API The highlight…