WordPress Weekly News 004: WordPress 4.7.2 Fixes Major Security Flaw and Much More

With WordPress, it’s never a dull week. The past few days were no short of interesting things and that is exactly what I will cover for you in this week’s WordPress roundup.

No WooCommerece Without WordPress.com

Logging into WooCommerce will now require a WordPress.com account. The change doesn’t seem to do any harm to anyone, right? Concerns were still shown by WooCommerce users that the change was made without any prior notice.

New Plugin Guidelines

WordPress recently announced some alterations to the plugin guidelines. Guideline 12 which covers readme links was among the ones to be modified. The guideline now reads “Public-facing pages on WordPress.org (readmes) may not spam” as opposed to “..may not contain “sponsored” or “affiliate” links or third party advertisements”.

Guideline 13 was also altered. The guideline, previously covered number of tags, is now in reference to WordPress default libraries.

WordPress for iOS 6.9 Is Available For Testing

WordPress for iOS 6.9 will be tested on new “post-post” screen. This would include a screen confirming that you have published a post. The screen will also have action-specific buttons like share, edit, and view.

The iPad layout will also be tested. The readers will now have a split view on iPads. The reader comments were also altered to refresh the UI.

WordPress Fixes Stuff

WordPress 4.7.2 fixes three major security concerns involving a cross-site scripting and a SQL injection vulnerability. The SQL injection flaw affected the WordPress’s WP_Query which was detected by Mohammad Jangda, a web developer at Automattic.

The cross-site bug was detected in the core class that displays posts in a list table. Ian Dunn, member of the WordPress security team, detected the bug.