ACF Plugin’s Reflected XSS Vulnerability Attracts Exploit Attempts Within 24 Hours of Public Announcement

On May 5, Patchstack published a security advisory about a high severity reflected cross-site scripting (XSS) vulnerability in ACF (Advanced Custom Fields), potentially affecting more than 4.5 million users. WP Engine patched the vulnerability on May 4, but the Akamai Security Intelligence Group (SIG) is reporting that attackers began attempting to exploit it within 24…

ACF Launches New Annual Survey

WP Engine has launched an annual survey for Advanced Custom Fields (ACF), one of the plugins it acquired from Delicious Brains in 2022. ACF reports more than 4.5 million active users, including PRO site installs, and WP Engine Product Manager Iain Poulson reports that the plugin is “growing in every way since the acquisition.” ACF…

Community Roundup Week Ending May 12

If You See Something, Say Something This week I posted an observation. I observed that with 20 speakers announced for WCEU (at that point) that there were only about 25% women and even fewer non-white people. I hoped for more in the rest of the announcements. I came under attack quickly from some people. And…

Tech Roundup Week Ending May 12

WooCommerce 7.7 If you’re running an online store using WooCommerce, you’ll be excited to hear about the recent 7.7 release! This latest update focuses on improving performance, security, and user experience. Among the key features in version 7.7 is the new Webhooks API, enhanced management of external products, and improved performance when modifying variations. From…

The WP Agency Journey with Bet Hannon of AccessiCart-Post Status Draft

Bet Hannon, CEO of AccessiCart, talks with Cory Miller about her journey in starting an agency focused on accessibility and e-commerce in the WordPress space. She highlights the importance of accessibility, not only as a legal requirement but also as a means to enhance the user experience for all visitors. Bet emphasizes the need for…

Essential Addons for Elementor Patches Critical Privilege Escalation Vulnerability

Essential Addons for Elementor, a plugin with more than a million active installs, has patched an unauthenticated privilege escalation vulnerability in version 5.7.2. The vulnerability was discovered on May 8, 2023, and reported by Patchstack researcher Rafie Muhammad. It was given a 9.8 (Critical severity) CVSS 3.1 score and is not yet known to have been…

WP 6.2.1 RC1 • Annual Survey Results • WCUS Scholarship Fund

This Week at WordPress.org (May 8, 2023) WordPress 6.2.1 RC1 is now available for testing, and planning is underway for the 6.3 AND 6.4 release squad members. Head over to the Core team website for more information. Each year the WordPress community has an opportunity to participate in the annual survey. The results from 2022…

Advanced Custom Fields Plugin Patches Reflected XSS Vulnerability

Advanced Custom Fields (ACF) has patched a reflected XSS vulnerability that affects versions 6.1.5 and below of ACF and ACF Pro, potentially impacting more than 2 million users. It was discovered by Patchstack researcher Rafie Muhammad in February 2023, and patched by ACF developers in version 6.1.6 in April. Patchstack published a security bulletin and Muhammad…

Tech Roundup Week Ending May 5

New Community Theme Launched WordPress Themes Team released a new block theme, Stacks, designed to build slide decks. Stacks was designed and constructed by Saxon Fletcher with help from Ben Dwyer. After customizing the theme, users can create slides on any post or page using the ‘Stacks’ pattern. The theme is mobile-friendly and not likely…

Community Roundup Week Ending May 5

AI and WordPress is AI and All of Us In a recent blog post, Kathy Zant wrote about using AI for new headshots, and how that caused her to think about how we perceive ourselves versus how we might perceive ourselves – and our possibilities – when we look at ourselves through AI “eyes.” She…