Thousands of WordPress websites were found using a vulnerable add-on that allows threat actors to take over the site entirely.
Researchers uncovered a critical flaw in YITH WooCommerce Gift Cards Premium, an add-on for the website builder providing an interface to build gift cards on WordPress sites, which is reportedly being used by more than 50,000 websites.
The flaw itself is an unauthenticated arbitrary file upload vulnerability, allowing crooks, among other things, to upload web shells and gain full access to the target website.
Stealing crypto account details
The vulnerability, tracked as CVE-2022-45359 and given a severity score of 9.8 (critical), has since been patched, and users are urged to update their add-on as soon as possible, as there is evidence of the flaw being abused in the wild.
It was first discovered in late November 2022, when researchers found the flaw present in all versions up to 3.19.0. Hence, users are advised to bring the add-on to at least 3.20.0, or 3.21.0 which is now also available for download.
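To apply that version advice across a server, the following added example (not code from the article or the plugin vendor) scans a WordPress plugins directory and flags any copy of the add-on older than 3.20.0. It assumes the plugin's header "Plugin Name" field matches the name used in the article; the folder and file names in the sample are constructed.

```python
import re
import sys
import tempfile
from pathlib import Path

PLUGIN_NAME = "YITH WooCommerce Gift Cards Premium"  # assumed header name (from the article)
FIRST_FIXED = (3, 20, 0)  # article: every version up to 3.19.0 is affected

# WordPress plugin headers are "Key: value" lines inside a PHP comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):\s*(.+?)\s*$", re.I | re.M)


def parse_version(text):
    """'3.19.0' -> (3, 19, 0); stops at the first non-numeric component."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts + [0] * (3 - len(parts)))


def read_header(php_file):
    """Read the header fields from the first 8 KiB, as WordPress itself does."""
    head = Path(php_file).read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER_RE.findall(head)}


def audit(plugins_dir):
    """Return (plugin folder, version, status) for every copy of the add-on."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_header(php)
        if header.get("plugin name", "").lower() != PLUGIN_NAME.lower():
            continue
        version = header.get("version", "")
        # A missing or unparsable version parses as 0.0.0 and is flagged.
        vulnerable = parse_version(version) < FIRST_FIXED
        findings.append((php.parent.name, version, "VULNERABLE" if vulnerable else "patched"))
    return findings


if __name__ == "__main__":
    root = Path(sys.argv[1]) if len(sys.argv) > 1 else Path(tempfile.mkdtemp())
    if len(sys.argv) == 1:  # constructed sample: one outdated copy
        (root / "gift-cards").mkdir()
        (root / "gift-cards" / "init.php").write_text(
            f"<?php\n/**\n * Plugin Name: {PLUGIN_NAME}\n * Version: 3.19.0\n */\n")
    for folder, version, status in audit(root):
        print(f"{folder}: {version or 'unknown'} {status}")
```

Pass the path to a site's wp-content/plugins directory as the first argument to audit a real installation.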
The flaw was discovered by Wordfence, a cybersecurity company analyzing the WordPress ecosystem, and its researchers claim threat actors are already leveraging the flaw.
Most attacks took place in November, while the flaw was still considered a zero-day, but another peak in usage was also observed on December 14, 2022.
Just two IP addresses (22.214.171.124, and 126.96.36.199) accounted for more than 20,000 exploitation attempts against almost 12,000 websites.
While WordPress itself is relatively stable (around 0.5% of all WordPress-related vulnerabilities fall on the web hosting platform itself), its ecosystem is large and as such, provides ample opportunities for exploitation. Paid add-ons, such as this one, are usually frequently updated and developers try to maintain a secure product, while free add-ons can often go for months without patches and can turn into a real nightmare for webmasters.
Whether starting a paid newsletter from scratch or taking an existing one up a notch, there’s no better time than now.
Since its debut last December, we’ve been improving WordPress.com Newsletter to meet the needs of writers and creators everywhere. Now we’re introducing a big update — the ability to add paid subscriptions and premium content, whatever plan you’re on. Including the Free plan.
Here’s the deal — you can now kickstart your newsletter without spending a penny, build your audience, and then add paid subscriptions into the mix at any point. It’s a great way to explore the shape of your newsletter without paying upfront while giving your readers a way to support your work at any point along the way. If you want to keep on growing, our paid plans provide lower transaction fees and all the features you need to manage and scale your newsletter and website.
Let your readers fuel your creativity
Paid subscriptions let your fans support your art, writing, or project directly. Once your creativity has captivated your audience, there’s a good chance some of them will gladly give something back by supporting your work financially.
And it’s not an all-or-nothing game. You can still put out free posts to grow your readership, enable one-time tips and donations, or keep some of your content exclusive to subscribers.
We’re all about giving writers and creators the power and flexibility to do things their own way.
From selecting beautiful visual themes, customizing them to make everything feel more like you, or turning your newsletter into a full-fledged website or store, you’ll save time, cut costs, and have a bunch fewer logins and browser tabs to navigate by keeping everything under one roof.
Then, as your newsletter flourishes, you can tap into a universe of plugins, themes, and design patterns with affordable upgrades, whenever the time’s right. That means you can scale smoothly from a free newsletter to one that starts helping you earn, without feeling penned in by a rigid plan or restricted features.
Kickstart your newsletter
Whether you’re thinking of starting up a paid newsletter from scratch or ready to take your existing one up a notch, there’s no better time than now.
Signing up for Newsletter is the quickest route to writing, publishing, and expanding your audience from scratch. And if you’re switching from another platform? No worries, you can bring existing subscribers along for the ride during the setup process.
Amplify an existing site with newsletter features
But you don’t need to start from zero. At WordPress.com, any site can add or become a newsletter. If you’ve been thinking about growing your audience, you’ve got the Subscribe Block and Newsletter Patterns at your disposal to get up and running quickly. They’re the perfect duo to transform a fleeting visit into a lasting bond.
Once you’re all set up, introducing paid subscriptions or content gating to your newsletter is simple stuff. Whenever you publish a post, just tick a box to make any post available to everyone, subscribers-only, or just the paying ones.
Set up a Stripe account to start receiving payments (or connect your existing account).
Configure your payment plan to establish your subscription fee and cadence.
Your readers will be able to pay for subscriptions directly from your site, with transaction fees as low as 10% of revenue on the Free plan, decreasing as you level up to our paid plans, down to a 0% fee on the Commerce plan. Payments are processed through Stripe and are available in the countries where Stripe is currently supported.
You’re in great company
With over 20 million emails sent out every day by WordPress.com to pretty much every country in the world, rest assured that your newsletter will land in your audience’s inbox reliably and securely. And as your audience grows, you can sit back comfortably knowing that WordPress.com is finely tuned to scale with your ambitions. However far you want to take things.
Newsletter is ever-evolving, and we’re always on the case refining the design, experience, and offerings for writers, creators, and publishers like you. We’re all ears for your ideas for our next steps in making it easier for more people to publish and earn from their work, without barriers to getting started.
Our community team recently traveled to Bangkok, Thailand to meet with longtime WordPress.com customers Karin and Nok Phisolyabut. They’re the owners of Yarnnakarn, a small arts and crafts studio that specializes in telling stories through contemporary ceramic pieces.
Part of why we love this studio, in addition to their beautiful work, is because Yarnnakarn espouses a deep commitment to sustainability and supporting their community. They continuously explore and experiment with new techniques to reduce their impact on the environment, including working with local materials and craftspeople. Rather than focusing on uniformity and quantity, they seek beauty in the flaws and imperfections innate to each natural ingredient, creating truly unique pieces.
Yarnnakarn’s work can be found all over the world and we’re thrilled that WordPress.com has helped them in that journey. Watch the video below to tour their shop, hear their story, and find out how they use their website to grow their reach.