WordPress Weekly News 038: WordPress Vulnerabilities, Gutenberg 1.4 and more!

In the past few weeks, WordPress saw some security vulnerabilities and famous plugins getting banned. In this week’s WordPress Weekly News, we will talk about Postman SMTP Plugin being removed from the WordPress repository, and Gutenberg 1.4!

Postman SMTP Banned From the Repository

Postman, an SMTP plugin with more than 100,000 installs, has recently been removed from the WordPress plugin directory. Wordfence released a report last week stating that the plugin had been removed due to a reflected cross-site scripting (XSS) vulnerability that has not been fixed.

A security researcher published a proof of concept on June 29 to demonstrate how the vulnerability in the plugin could be exploited. The researcher claimed to have tried to communicate with the plugin author, but failed to do so.

Wordfence advised its users to remove the plugin immediately, as the vulnerability still exists and the author seems to have abandoned the plugin.

Wordfence Report Identifies Vulnerabilities in Three Plugins

Wordfence’s security analysts detected security vulnerabilities in three separate WordPress plugins. According to the report, the three affected plugins are:

Appointments – A free plugin by WPMU DEV that allows users to manage their booking sites.

Flickr Gallery – A plugin used to create galleries of your recent photos and photosets.

RegistrationMagic – Custom Registration Forms – A plugin used to create custom registration forms.

The vulnerability allowed attackers to cause a vulnerable website to fetch a remote file and save it wherever they wanted. Exploiting it required no authentication or elevated privileges.

Gutenberg 1.4

Following the trend of regular Gutenberg releases, Gutenberg 1.4 was released yesterday with an all-new feature: users can now edit HTML on a per-block basis. To switch a block to HTML mode, open the ellipsis menu and select the HTML icon. This switches only that particular block to HTML mode, not the entire document.

Another feature added in this update is that users will see their most frequently used blocks when hovering over the inserter. It will display paragraph and image blocks if there aren’t any frequently used blocks.

The Week’s Best Tutorials & Tips

50+ Frequently Asked Questions About WordPress

How to Get Unlimited, Sure-to-Work Blog Post Ideas in a Non-Obvious Way

How to Migrate Your WordPress Site to Any Host (Minus the Panic)

6 Best WordPress Testimonial Plugins for 2017: Boost Social Proof

A Simple Guide to Changing Your Permalinks Without Breaking Your WordPress Website

WordPress 4.9: Everything You Must Know About WordPress 4.9 Features

That’s all from this week’s WordPress Weekly News. If you have some exciting WordPress news, do share it in the comments below.
