WordPress 4.2.4 Patches Six Security Vulnerabilities

WordPress 4.2.4 is available and patches six security vulnerabilities. The vulnerabilities were discovered by outside parties and members of the WordPress core security team. This release also fixes four bugs: WPDB: When checking the encoding of strings against the database, make sure we’re only relying on the return value of (more…)

Plugin Developers Demand a Better Security Release Process After WordPress 4.2.3 Breaks Thousands of Websites

WordPress 4.2.3, a critical security release, was automatically pushed out to users yesterday to fix an XSS vulnerability. Shortly afterwards, the WordPress.org support forums were flooded with reports of websites broken by the update. Roughly eight hours later Robert Chapin (@miqrogroove) published a post to the Make.WordPress.org/Core blog, detailing changes (more…)

New Feature Plugin Proposed: oEmbed for WordPress Posts

WordPress has a whitelist of 31 trusted sites from which users can oEmbed content, but one source is noticeably missing – WordPress itself. During this week’s feature plugin chat, Pascal Birchler and a group of contributors proposed the idea of oEmbed for WordPress Posts: Basically, we want to make WordPress (more…)

Theme Translations and Language Packs are Coming to WordPress.org

WordPress.org will soon support translations and language packs for themes hosted in the official directory. In Matt Mullenweg’s Q&A at WordCamp Europe 2015, he emphasized the importance of having better language support for themes and plugins and identified this as a high priority for continued improvements to WordPress.org. Today the (more…)