Connect with us

WORDPRESS

Update this popular WordPress plugin immediately, thousands of users warned

Published

on

update-this-popular-wordpress-plugin-immediately,-thousands-of-users-warned

Multiple serious vulnerabilities have been fixed in popular WordPress plugin NextGEN Gallery, which has an active install base of more than 800,000 users.

As discovered by the security team at Wordfence Threat Intelligence, a previous version of the image gallery plugin suffered from two cross-site request forgery (CSRF) flaws, which opened the door to website takeover.

Researchers classified the first vulnerability as high severity and the second as critical, because it could be abused to perform both reflected cross-site scripting (XSS) and remote code execution (RCE) attacks.

WordPress plugin exploit

To exploit the vulnerable plugin, an attacker would need to hoodwink the WordPress administrator into launching a malicious link in their web browser, perhaps via a phishing attack.

If successful, the attacker would be free to introduce malicious redirects, phishing mechanisms and ultimately do whatever they liked with the compromised website.

“This attack would likely require some degree of social engineering…Additionally, performing these actions would require two separate requests, though this would be trivial to implement,” explained Wordfence in a blog post.

The NextGEN Gallery developers delivered a patch for the two bugs in December, but only circa 300,000 users have installed the necessary update so far, meaning upwards of 500,000 websites remain unprotected.

All users of the NextGEN Gallery plugin are advised to update to the latest version immediately, to safeguard against attack.

Via Bleeping Computer
(Image credit: Pixabay)

Read More

WORDPRESS

Customize Your Entire Site With New Block Themes – WordPress.com News

Published

on

Customize Your Entire Site With New Block Themes – WordPress.com News

Customize Your Entire Site With New Block Themes

Experiment with a new look for your site with themes created to take advantage of Full Site Editing.

In case you missed it, we’ve been rolling out a new set of powerful site design tools called Full Site Editing (or “FSE”) and it’s now available for all WordPress.com users!

Don’t worry if you’re just hearing about Full Site Editing for the first time. We’ve been releasing these new tools in a way that doesn’t actually require you to do anything with your existing site(s). If you are up for a change though, we’re happy to announce the launch of a brand new family of themes made specifically with Full Site Editing features in mind. As of this writing we have over two dozen themes available that support Full Site Editing.

These new themes have been designed with a wide variety of sites cases in mind. But their potential stretches well beyond their screenshots and demo sites. Because each theme is fully editable in the Site Editor, every one of these themes can be heavily customized to fit your site’s needs. You can start with theme that features single minimalist homepage, and then add as many menus and sidebars as you wish. Or, you can start with a complex business theme and strip it down to something minimal to suit your vision.

The Site Editor also includes a new feature called “Global Styles,” which allows you to edit site-wide settings for color, typography, and more. You’re free to change your theme’s default color scheme to whatever fits your mood, or even make all site text larger or smaller in a couple of clicks. To kick off this new feature, we’re also providing a few pre-built variations on some of these new themes.

All the new themes and variations can be found in the Theme Showcase. Or, if you’re starting a fresh site, they’ll be offered to you automatically in the site creation flow. This collection of themes is just the beginning, and we’re excited to continue launching a variety of diverse theme options for you. What would you like to see in the next set of themes on WordPress.com?

Source link

Continue Reading

DON'T MISS ANY IMPORTANT NEWS!
Subscribe To our Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

Trending

en_USEnglish