On December 11, 2023 WPScan published Marc Montpas’ research on the stored XSS vulnerability in the popular Popup Builder plugin (200,000+ active installation) that was fixed in version 4.2.3. A couple of days later, on December 13th, the Balada Injector Continue reading Thousands of Sites with Popup Builder Compromised by Balada Injector
Last week we looked at a situation where very popular security plugins are using a security function in a way that the documentation explicitly states it shouldn’t be used. That turns out to not be a one-off problem. WordPress’ documentation Continue reading WordPress Nonces Can Not Be Used for Authentication
It’s not often we’re able to travel the world. But to start off 2024 the right way, our very own Marco Berrocal will be attending the Zaragoza WordCamp in Spain on January 19th and 20th. It’s sure to be an Continue reading WordCamp Zaragoza, Spain 2024
Using WordPress AMP is one way to speed up your website and offer a better user experience. Available data shows that over 50% of Google searches come from mobile devices. However, many sites are slow, leading to a poor user Continue reading How to Set Up WordPress AMP Manually and with Plugin
A uniform resource locator — or, more commonly, URL — is the address of content on the internet. URLs often feature the address of a web page followed by a long string of seemingly random characters. These can be unsightly and Continue reading Build a Simple URL Shortener With Python
On December 14th, 2023, during our Bug Bounty Program Holiday Bug Extravaganza, we received a submission for an Authorization Bypass vulnerability in POST SMTP Mailer, a WordPress plugin with over 300,000+ active installations. This vulnerability makes it possible for unauthenticated Continue reading Type Juggling Leads to Two Vulnerabilities in POST SMTP Mailer WordPress Plugin
Facebook is one of the most popular social media platforms, therefore, it’s a great idea to integrate it on your website. In this post, we’ll show you eight ways to integrate WordPress with Facebook. Let’s get started! The post 8 Continue reading 8 Ways to Integrate WordPress with Facebook
Transcript [00:00:00] Nathan Wrigley: Welcome to the Jukebox podcast from WP Tavern. My name is Nathan Wrigley. Jukebox is a podcast which is dedicated to all things WordPress. The people, the events, the plugins, the blocks, the themes, and in Continue reading #105 – Pascal Birchler on Revolutionizing Image and Video Processing Within WordPress
In this report, 106 new vulnerabilities have been publicly disclosed. Security patches for 61 of these plugins and one theme are available now, so run those updates as soon as possible. If you’re a Solid Security Pro user, the version Continue reading WordPress Vulnerability Report — January 10, 2024
The title of your post or page usually gets the H1 heading tag. It’s only logical to give your post one title, right? Having more than one H1 is like saying: “Hey, this text is about two topics of equal Continue reading Why you only need one H1 heading per post or page
If you plan to do some updates to your website, then enabling WordPress maintenance mode is the perfect solution. In this article, we’ll discuss why maintenance mode is such a helpful tool and offer step-by-step instructions on how to get Continue reading How to Enable WordPress Maintenance Mode in 5 Easy Steps
GoDaddy is one of the most well known companies in the website hosting space, and you can now access a website builder through GoDaddy too. But WordPress is still the most popular tool for building websites. This GoDaddy Website Builder Continue reading GoDaddy Website Builder vs WordPress: Key Information
WordPress themes play a significant role in your site’s SEO. They determine your website’s structure, speed, and responsiveness – all key factors that search engines consider when ranking sites. An SEO-optimized WordPress theme will ensure that your website is accessible Continue reading 10 Best SEO-Optimized WordPress Themes in 2024