Chris Christoff of the Plugins Team has published the roadmap of Phase 2 of the Plugin Check plugin. According to the statistics shared at this year’s State of the Word, 41% fewer issues were reported per approved plugin after launching the Plugin Check tool, enabling the team to approve 138% more plugins each week and…
WPExperts has acquired the Advanced File Manager plugin from Modal Web. WPExperts (formerly WooExperts) is a leading WordPress development company with an extensive portfolio of WordPress and WooCommerce plugins. The Advanced File Manager plugin has over 100,000 active installations on the WordPress Plugin Repository with a 4.8-star rating. CEO of WPExperts, Saad Iqbal, emphasized the…
Awesome Motive’s WP Forms plugin has patched a Missing Authorization to Payment Refund and Subscription Cancellation vulnerability. This issue allowed authenticated attackers with Subscriber-level access or higher to refund Stripe payments and cancel subscriptions without proper authorization. Wordfence reports that “The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a…
ClikIT has announced its acquisition of the Infinite Uploads and Big File Uploads plugins from UglyRobot, LLC, owned by Aaron Edwards, the former CTO of WPMU DEV. The financial details of the deal have not been disclosed. Infinite Uploads is a versatile WordPress plugin offering cloud storage, video hosting, and CDN delivery to enhance media…
In the latest chapter of the ongoing dispute between Automattic and WP Engine, a new plugin “Secure Custom Fields” (https://wordpress.org/plugins/secure-custom-fields/) has been added to the Plugin Repository by WordPress.org. This plugin has 90+ active installations and exhibits the features of ACF Pro plugin like repeater, flexible content, clone fields gallery, options pages, and ACF Blocks.…
Matt Jaworski, Co-Founder of PeepSo.com, has announced that PeepSo is leaving the WordPress plugin repository. Moving forward, all updates for the plugin will be served directly from PeepSo’s servers. Explaining the decision, Jaworski expressed dissatisfaction with the repository, stating, “We have never been very happy with the WordPress repository, as we found their rules to…
Automattic has agreed to remove the WP Fusion Lite Plugin from WordPress.com following a Cease and Desist letter filed by the plugin’s creator Jack Arturo on October 12, 2024. The letter accused Automattic and WordPress.com of unauthorized trademark usage by displaying the plugin on WordPress.com. WP Fusion Lite is a WordPress plugin that connects WordPress…
Following the recent ban and ACF to Secure Custom Fields fork/takeover incident, some plugin authors have announced their decision to remove their plugins from the WordPress.org repository. Gravity PDF Plugin The Gravity PDF plugin with over 50k active installations and a 4.9 rating is leaving the plugin repository. Its founder Jake Jackson stated that “WordPress…
Jetpack 13.9.1, a critical security update, was released yesterday to fix a vulnerability in the Contact Form feature that had been present since 2016. This flaw allowed logged-in users of a site to access forms submitted by visitors. The vulnerability was discovered during an internal security audit, prompting the Jetpack team to collaborate with the…
Yesterday, WordPress co-founder Matt Mullenweg announced the forking of the Advanced Custom Fields (ACF) plugin into a new plugin called Secure Custom Fields. In the announcement, he stated: “On behalf of the WordPress security team, I am announcing that we are invoking point 18 of the plugin directory guidelines and are forking Advanced Custom Fields…
WPGraphQL, a popular plugin that provides an extendable GraphQL schema and API for WordPress sites, is set to become a canonical plugin on WordPress.org. Its creator and maintainer, Jason Bahl, has joined Automattic after spending 3.5 years at WP Engine, allowing him to continue his work on WPGraphQL. WPGraphQL adds a flexible and powerful GraphQL…
When WP Engine was blocked from accessing WordPress.org, users were left wondering what the future holds for ACF (Advanced Custom Fields) and how this ban will impact their sites moving forward. ACF Blocked from WordPress.org On October 03, 2024, ACF (Advanced Custom Fields) announced via X that “The ACF team has been blocked from accessing…
Security Review Lead Chris Christoff has announced two new changes for the WordPress Plugin Directory, effective from October 1, 2024. These changes aim to enhance plugin directory security and promote best practices among plugin developers. Mandatory Two-Factor Authentication As of October 1, 2024, all plugin owners and committers must enable Two-Factor Authentication (2FA) to submit…
GiveWP, a popular donation plugin for WordPress, has patched an unauthenticated PHP Object Injection to Remote Code Execution vulnerability that could be exploited to execute arbitrary code remotely and delete files. This plugin from the Liquid Web family of products has 100k+ active installs. villu164 (Villu Orav) reported the vulnerability through the Wordfence Bug Bounty…
Certain WordPress form plugins make achieving accessibility compliance easy. Others…not so much. This article highlights work that Gravity Forms and other plugins are doing to create more inclusive user experiences.