Vulnerabilities in NextGEN Gallery Plugin Exposed Many WordPress Sites to Takeover …

Two severe vulnerabilities in the NextGEN Gallery WordPress plugin could have exposed more than 800,000 websites to complete takeover, WordPress security company Defiant reported on Monday.

Available for more than a decade, the plugin provides users with a broad range of gallery management capabilities, such as batch upload of photos, metadata import, thumbnail editing, photo and gallery management, and more.

In December 2020, security researchers with Defiant’s Wordfence team discovered two cross-site request forgery (CSRF) vulnerabilities in the popular plugin, the most severe of which could lead to remote code execution (RCE) and stored cross-site scripting (XSS).

“Exploitation of these vulnerabilities could lead to a site takeover, malicious redirects, spam injection, phishing, and much more,” the security researchers say.

Tracked as CVE-2020-35942, the first of these issues features a CVSS score of 9.6 and affects one of the plugin’s security functions, is_authorized_request.

Because NextGEN Gallery supports the upload of custom CSS files, the vulnerability allowed an attacker to upload files containing arbitrary code under double extensions, such as .php.css, and to have that code executed remotely on certain configurations. Code execution was also possible on configurations not vulnerable to double extensions, because of a “Legacy Templates” feature.

An attacker able to execute code remotely on a vulnerable website would be able to essentially take over the site. A similar result can be achieved via XSS, if a logged-in administrator visits a malicious page (which would likely require social engineering tactics).
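As an added illustration (not code from NextGEN Gallery or Wordfence), the PHP sketch below shows an upload-name check that treats every dot-separated segment of a file name as a potential extension, so that a name such as shell.php.css is rejected even though it ends in .css. The function name and the list of executable extensions are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Added example, not NextGEN Gallery code. The extension list is an assumption;
// extend it to match the handlers configured on your own server.
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'php4', 'php5', 'php7', 'phtml', 'phar', 'pht'];

/**
 * Accept an uploaded stylesheet name only if it ends in .css and no other
 * dot-separated segment is an extension the web server might execute.
 */
function is_safe_css_upload_name(string $name): bool
{
    // Drop any client-supplied directory part before inspecting the name.
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || strpos($base, "\0") !== false) {
        return false;
    }

    $segments = explode('.', strtolower($base));
    // The final segment must be "css"; array_pop() removes it from the list.
    if (count($segments) < 2 || array_pop($segments) !== 'css') {
        return false;
    }

    array_shift($segments); // the first segment is the file stem, not an extension
    foreach ($segments as $segment) {
        if (in_array(rtrim($segment), EXECUTABLE_EXTENSIONS, true)) {
            return false; // e.g. the "php" in shell.php.css
        }
    }
    return true;
}

// Constructed sample names, not taken from any real incident.
$samples = ['gallery.css', 'theme.min.css', 'shell.php.css', 'SHELL.PhP.css',
            '.phtml.css', 'style.css.php', 'notes.txt'];
foreach ($samples as $sample) {
    printf("%-16s %s\n", $sample, is_safe_css_upload_name($sample) ? 'accept' : 'reject');
}
```

Only gallery.css and theme.min.css are accepted. A stricter deployment would also store uploads under a server-generated name in a directory where script execution is disabled.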

Tracked as CVE-2020-35943, the second vulnerability is considered high severity (CVSS score of 8.8) and resides in the validate_ajax_request security function that was implemented for various AJAX actions. A logic flaw in the function would result in requests being processed if a specific parameter was missing.

“This made it possible to trick an administrator into submitting a request crafted to upload an arbitrary image file. While the uploaded file had to be a valid image file, it is possible to hide a webshell or other executable PHP code within such an image file,” Wordfence explains.

By setting the image file as Legacy Template, an attacker could combine the flaw with the previously described vulnerability and abuse it for code execution. However, the attacker would have to convince an administrator to click on a link resulting in these requests being sent.
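The article says only that requests were processed when a specific parameter was missing; it does not show the plugin's code. The added PHP example below (not NextGEN Gallery's implementation) models that class of fail-open check next to a fail-closed version; the parameter name, action name and HMAC token scheme are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not NextGEN Gallery code. The secret, the 'nonce' parameter
// name and the token scheme are hypothetical stand-ins for a real CSRF token.
const SESSION_SECRET = 'constructed-demo-secret';

function expected_token(string $action): string
{
    return hash_hmac('sha256', $action, SESSION_SECRET);
}

// Fail-open: the token is verified only when the parameter is present,
// so a request that simply omits it is processed.
function validate_fail_open(array $request, string $action): bool
{
    if (isset($request['nonce'])) {
        return hash_equals(expected_token($action), (string) $request['nonce']);
    }
    return true;
}

// Fail-closed: a missing, non-string or wrong token all reject the request.
function validate_fail_closed(array $request, string $action): bool
{
    if (!isset($request['nonce']) || !is_string($request['nonce'])) {
        return false;
    }
    return hash_equals(expected_token($action), $request['nonce']);
}

// Constructed requests covering the three cases that matter.
$action = 'upload_image';
$cases = [
    'valid token'   => ['nonce' => expected_token($action)],
    'wrong token'   => ['nonce' => 'not-the-token'],
    'token omitted' => [],
];
foreach ($cases as $label => $request) {
    printf("%-14s fail-open=%-5s fail-closed=%s\n", $label,
        var_export(validate_fail_open($request, $action), true),
        var_export(validate_fail_closed($request, $action), true));
}
```

The two functions differ only on the last row: with the token omitted, the fail-open check returns true and the fail-closed check returns false. That row is the test case to add when reviewing any request-validation helper.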

Wordfence reported these vulnerabilities to the plugin’s publisher, Imagely, on December 14, 2020, and a patched version of the plugin was published three days later. Site admins should make sure they are running NextGEN Gallery version 3.5.0 or later, to be protected.

Author: Ionut Arghire is an international correspondent for SecurityWeek.

The 10 Best eCommerce Development Companies for Your Online Store

eCommerce websites need to be fast, easy to use, and great at conquering search engine results on sites like Google. But how can you achieve this without any web development experience?


Finding good eCommerce development companies is one of the best ways to solve this problem, but this creates the challenge of finding the right provider for your project. To make this easier, we’ve broken down 10 of the best web development companies across the US.


1. eFlair Webtech

Building a successful eCommerce website takes experience and expertise, two things eFlair Webtech offers in abundance. This company makes the first entry on this list thanks to its sterling reputation, impressive portfolio, and affordable pricing, but it doesn’t stop here.

eFlair’s engineers and developers work with some of the most popular eCommerce platforms in the world. This includes WordPress (WooCommerce), Opencart, Magento, and Shopify, but it isn’t limited to these platforms. You can build just about any type of eCommerce website you need with the help of eFlair.

Alongside the company’s skills, eFlair Webtech also offers comprehensive support and aftercare for each of its projects. This means that you can get help with your eCommerce site whenever you need it, including out-of-hours thanks to eFlair’s international team.

Price is one of the most crucial factors when embarking on an eCommerce development project, and this is one area where eFlair stands out amongst its competitors. You can build your website for as little as $25 per hour with eFlair Webtech, making this the most affordable option on our list.

As well as offering excellent eCommerce development services and unparalleled customer service, eFlair can also help with app development, UI/UX design, and much more. You can book a consultation to get your development project off the ground using the contact form on eFlair’s website. This eCommerce development company boasts an impressive 4.9-star average review rating on Google.

Locations

Atlanta (USA), Vijayawada (India), and Bangalore (India)

Key Services

eCommerce web development, app development, UX/UI design

Pricing

$25 to $40 per hour

2. Bachoo

Founded back in 2015, Bachoo is a great example of a modern website development company. While this company’s website is a little busy and complicated, it serves as a great showcase of the broad skillset found at Bachoo.

While Bachoo offers eCommerce website development services, this company specializes in launching new products online. This means that they can handle market research, marketing, and every other stage of your product’s launch.

Unlike other eCommerce development companies, Bachoo projects are usually built from the ground up, rather than using an existing CMS system. This makes projects more expensive, but the results are backed up by a 5-star Facebook review rating.

Locations

Los Angeles (USA)

Key Services

Product development, eCommerce development, Data analysis

Pricing

$50 to $100 per hour

3. Elogic Commerce

Elogic Commerce, as its name suggests, specializes in online commerce platforms. This company works with platforms like Adobe Commerce, Shopify, and BigCommerce to offer rapid development services at a relatively low price point.

This company has been in the market for 13 years and has launched more than five hundred projects. While Elogic works fast, the quality of your website will not be compromised, with each step of the development process being carefully managed to ensure the best results. Elogic Commerce has an average Google Review score of 4.8 stars.

Locations

USA, Ukraine

Key Services

eCommerce website development, eCommerce consulting

Pricing

$50 to $100 per hour

4. Absolute Web

With page after page of eCommerce websites in its portfolio and 23 years of work behind it, Absolute Web is truly a veteran of the industry. This company works with Magento, Shopify, and BigCommerce to create eCommerce websites that promise to convert.

Working from the USA and Europe, this company can provide flexible support at times that suit its customers. This is great for eCommerce website owners, as it ensures that you never risk losing sales thanks to website outages. Absolute Web has an average 5-star rating on Google Reviews.

Locations

USA, Portugal, and Ukraine

Key Services

eCommerce website development, Web development

Pricing

$100 to $150 per hour

5. Magneto IT Solutions

Having worked with the likes of HP, Hyundai, and ESPN, Magneto IT Solutions creates high-quality eCommerce websites that are made to scale. This eCommerce development company uses Magento to build its websites, alongside a range of other useful tools that make it easier to get a steady stream of sales moving.

Locations

USA, Saudi Arabia, UK, Australia, Bahrain, and India

Key Services

eCommerce website development, Marketing

Pricing

$50 to $100 per hour

6. ITGeeks

ITGeeks specializes in working with Shopify. While this can be limiting for certain eCommerce projects, it is great for those looking to use this platform. ITGeeks can make unique Shopify themes, develop add-ons for your website, and work to maintain the store you build.

This company is pricier than many of the other options on this list, but this cost comes with an average 4.8-star Google Review rating. Many eCommerce development agencies struggle to reach a review score like this.

Locations

USA and India

Key Services

Shopify website development, Shopify management

Pricing

$100 to $150 per hour

7. PurpleFire

Alongside providing eCommerce web development services, PurpleFire also works to optimize the conversion rate of the sites it builds. This means that you can get a beautiful online store on Shopify, WooCommerce, or Magento, all while enjoying rapid sales growth. Like other eCommerce development agencies, PurpleFire has offices in a range of different countries.

Locations

USA, UK, Denmark, Canada, and Singapore

Key Services

Shopify website development, Marketing

Pricing

$50 to $100 per hour

8. Dedicated Developers

Dedicated Developers is one of the USA’s top eCommerce development companies. Alongside making online stores, this company can help with app and software development, as well as offering full-stack web development.

Dedicated Developers boasts an impressive 5-star average review rating on Google Reviews. Alongside the wide range of successful projects under this company’s belt, this shows that it is a good choice for anyone looking for an eCommerce website that is developed from the ground up.

Locations

USA, UK, and Australia

Key Services

Full-stack web development, app development, software development

Pricing

$50 to $100 per hour

9. GoMage

GoMage has an impressive website that serves as a showcase for the company’s attention to detail and design standards. Like many top eCommerce development agencies, GoMage specializes in a single CMS platform: Magento.

As well as securing a 4.9-star average review rating on Google, GoMage is also an Adobe Solution Partner. GoMage can also work on web design, consulting, website optimization, and PWA development. This company operates from Austin and Amsterdam.

Locations

USA and Netherlands

Key Services

Magento eCommerce Development

Pricing

$50 to $100 per hour

10. Caveni Digital Solutions

Caveni Digital Solutions is the most expensive option on this list, but it also covers an extremely wide scope. This company can design and build your eCommerce website, develop a brand to go with it, and help with all of the marketing work it takes to make it popular. This is great for projects that require a full-service approach.

Based in Philadelphia, Caveni leaves a trail of positive reviews in its wake, and the company has a dense portfolio filled with great websites. This company has an average 5-star review rating on Google, making the price tag well worth it for many businesses.

Locations

USA

Key Services

Full-service eCommerce design, development, and launches

Pricing

$200 to $300 per hour

Exploring Top eCommerce Development Companies in the USA

Choosing any service provider takes research, but that doesn’t mean that you have to do it for yourself. All of the companies on this list have a 4-star or higher average on Google Reviews, while also providing excellent value for the services they provide. This makes them great choices for any company looking for eCommerce development services.

Confused by cryptic web hosting terms? We’ve got the explanations you need

You need a website. Every web hosting provider in the world tells you it’s so easy to make that happen. But then you look down their product and feature lists, and they’re crammed with cryptic jargon, obscure technologies and services that you don’t fully understand.

Do you need WordPress or WooCommerce, for instance? Is it worth paying extra for NVMe? Is an Uptime Guarantee a feature worth having? And what is a vCore, anyway?

A New Chapter for Video Uploads on WordPress.com – WordPress.com News

We’re excited to announce that you can now add chapter breaks to VideoPress uploads.

Today we’re excited to announce that you can now add chapter breaks to the videos you upload to your website with our VideoPress feature. Chapters offer a quick way to navigate longer videos and can be a great addition for your viewers.

Streamlined interface

We’ve built a streamlined and easy-to-use interface for your viewers to interact with video chapters. You can hover over the timeline to preview the next chapter and then simply click to navigate to it. The current chapter name is shown after the video timecode, and when you click it opens a menu to quickly jump to the start of any chapter.

How to add chapters to your videos

To add chapters to your video, all you need to do is edit its description in the block editor and add the timestamp for each chapter, followed by a title you’d like to display.

After saving, you’ll see the video block update and automatically display your chapters.

In the video below — which is a showcase for WordPress 6.1 — you can see how chapters work and look. Play around with the bottom toolbar to navigate to different chapters and bring up the chapter list.

We hope you enjoy this feature! Please share any feedback you have or an example of where you’ve used chapters for your videos. We love to see our features in action!

VideoPress is available on our WordPress.com Premium, Business and eCommerce plans. If you have a self-hosted site, check out Jetpack VideoPress to get high-quality and ad-free videos for your site.
