In the past few weeks, WordPress saw some security vulnerabilities and famous plugins getting banned. In this week’s WordPress Weekly News, we will talk about the Postman SMTP plugin being removed from the WordPress repository, and Gutenberg 1.4!
Postman SMTP Banned From the Repository
Postman, an SMTP plugin with more than 100,000 installs, has recently been removed from the WordPress plugin directory. Wordfence released a report last week stating that the plugin had been removed due to a reflected cross-site scripting (XSS) vulnerability which hasn’t been fixed.
A security researcher published a proof of concept on June 29 to demonstrate how the plugin vulnerability could be exploited. The researcher claimed to have tried to contact the plugin author, without success.
Wordfence advised its users to remove the plugin immediately, as the vulnerability still exists and the author seems to have abandoned the plugin.
Wordfence Report Identifies Three Plugin Vulnerabilities
Wordfence’s security analysts detected security vulnerabilities in three separate WordPress plugins. According to the report, the three affected plugins are:
Appointments – A free plugin by WPMU DEV that allows users to manage their booking sites.
Flickr Gallery – A plugin used to create galleries of your recent photos and photosets.
RegistrationMagic – Custom Registration Forms – A plugin used to create custom registration forms.
Attackers were able to cause a vulnerable website to fetch a remote file and save it wherever they wanted. Exploiting the vulnerability did not require any authentication or elevated privileges.
Following the trend of regular Gutenberg updates, Gutenberg 1.4 was released yesterday with an all-new feature. Users will now be able to edit HTML on a per-block basis. Users can switch to HTML mode by using the ellipsis menu and selecting the HTML icon. This way, you can switch to HTML mode for that particular block and not the entire document.
Another feature added to Gutenberg in this update is that users will see the most frequently used blocks upon hovering over the inserter. It will display paragraph and image blocks if there aren’t any frequently used blocks.
The Week’s Best Tutorial & Tips
That’s all from this week’s WordPress Weekly News. If you have some exciting WordPress news, do share it in the comments below.