Plugins

NRKbeta Open Sources Comment Quiz Plugin for WordPress

NRKbeta, the Norwegian Broadcasting Corporation’s media and technology site, is experimenting with a new way of keeping comments on topic. A new plugin on the WordPress-powered site aims to ensure commenters have read the article by requiring them to complete a short, three-question quiz before opening the comment form. Visitors (more…)

NextGEN Gallery Featured Image

Slavco Mihajloski, security researcher at Sucuri, has discovered a critical SQL injection vulnerability in NextGEN Gallery, a popular WordPress plugin that’s active on more than a million sites. Mihajloski gives the vulnerability a 9 out of 10 on Sucuri’s DREAD scale. Dread stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability. Each category (more…)

WP Super Cache 1.4.9 Patches Multiple XSS Vulnerabilities

WP Super Cache is a nearly 10-year-old plugin that is maintained by Donncha Ó Caoimh and is actively installed on more than a million sites. Releases have been far and few between, but Ó Caoimh has released WP Super Cache 1.4.9 that patches cross-site-scripting vulnerabilities on the settings page. “Those pages (more…)

Say What Plugin Passes 10K Active Installs

WordPress core doesn’t make it easy to edit text strings, but a little plugin called Say What? has been quietly gaining a solid user base by providing this functionality. It allows users to edit text strings without editing WordPress core or plugin code. Lee Willis released Say What in 2013, (more…)

Invitation Featured Image

One of the first things I recommend users do after installing WordPress is to either close user registration or install a plugin that protects the site against spam registrations. A friend of mine recently started a new WordPress site that has BuddyPress installed. After two weeks, I chipped in to (more…)

WP eCommerce 3.11.4 Patches SQL Injection Vulnerability

Over the weekend, the WP eCommerce team released version 3.11.4 of its e-commerce plugin. The update patches an SQL injection vulnerability that was responsibly disclosed by Mika Epstein, a member of the WordPress.org plugin review team. According to Justin Sainton, lead developer of WP eCommerce, the team was notified of the vulnerability on (more…)