Plugins

Three critical vulnerabilities found in Ultimate member plugin

Security, Plugins
Three critical privilege escalation vulnerabilities have been discovered in the Ultimate Member plugin that exposed over 100,000 websites to hacking risk. These loopholes made it possible for attackers to breach a site and escalate their privileges to those of an administrator, leading to a forced takeover of the WordPress site. Ultimate Member is a widely used WordPress plugin that enhances user registration and account control on WordPress websites. This plugin also enables site owners to create custom roles and manage the privileges of site members. As part of its functionality, the plugin automatically creates three forms: user registration, user login, and user profile management. How the vulnerabilities in Ultimate Member plugin risked your website This flaw which was detected by th...
Quiz and Survey Master Plugin 2 Critical Vulnerabilities Patched

Security, Plugins
The WordFence Threat Intelligence team detected two vulnerabilities in Quiz and Survey Master (QSM), a WordPress plugin that is installed on over 30,000 sites. These flaws made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution, as well as delete arbitrary files like a site’s wp-config.php file which could effectively take a site offline and allow an attacker to take over the vulnerable site. How Quiz and Survey Master is used in WordPress The Quiz and Survey Master is used in WordPress to add quizzes and surveys to sites. One of its features allows site owners to implement file uploads as a response type for a quiz or survey, which could be useful in a number of scenarios, such as a job application questionnaire with a PDF resume upl
Flaw on the Official Facebook Chat Plugin enabled Social Engineering Attacks

Security, Plugins
A flaw in The Official Facebook Chat Plugin made it possible for low-level authenticated attackers to connect their own Facebook Messenger account to any site running the vulnerable plugin and engage in chats with site visitors on affected sites. This WordPress plugin is currently installed on over 80,000 sites. What is the Facebook Chat plugin The Official WordPress Facebook Chat plugin is a very simple plugin that is used to add a “Facebook Messenger” chat pop-up to any WordPress site and connect a site owner’s chosen Facebook page to receive messages and interact with site visitors. This vulnerability could be exploited and easily go undetected by a site owner, causing site visitors to interact with an attacker instead of the site owner. Exploit attempts targeting this vulnerabilit
Divi, Extra, and Divi Builder Plugin Critical Vulnerability Exposes over 700,000 Sites

Security, Plugins, Themes
The WordFence Threat Intelligence team has discovered a vulnerability present in two themes by Elegant Themes, Divi and Extra, as well as Divi Builder, a WordPress plugin. Combined, these products are installed on an estimated 700,000 sites. This flaw gave authenticated attackers, with contributor-level or above capabilities, the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. They have now been patched and the flaw has been fixed. Elegant Themes is the creator behind one of the most popular premium themes, Divi. One of the features of the Divi theme is that it comes with the Divi Page Builder that makes the site design and editing process easy and customizable. In addition to the Divi theme, Elegant Themes offe
Elementor and LearnDash integration for easier online course customization

Plugins
LearnDash LMS has announced a collaboration with Elementor page builder to create an integration that allows for easier online course customizations. This setup means that LearnDash design elements which were previously difficult or impossible to customize are now easily editable with Elementor to match your website brand, including the color scheme and even font choices! This prevents your website from having elements that look different from the rest of the theme, which can give sites a less polished finish. A good website is where your visitors and users can differentiate between the plugin and the rest of the site. This integration makes that a possibility. Getting started with the Elementor integration for LearnDash. The new integration is part of our Compatibility Add-on
How to disable Feedback Comments on WordPress to prevent BOT spam

Tips, Plugins
Lately, WordPress website owners have been receiving hundreds or even up to a thousand feedback comments per day. Most of these are annoying bot-generated spam. Disabling feedback comments could be one way to prevent this; however, you might end up blocking legitimate comments and feedback too, so that is not a good enough option anymore. Users who have the Jetpack contact form feature enabled can disable commenting but still get a nuisance of spammy comments coming through the "feedback" form. The hidden form feature is usually enabled by default, and this blog post shows you how to turn it off. Let us get right into it. How To Disable Feedback Comments from spammy bots on WordPress.org To access the feature, g...
wpDiscuz Plugin Fixes Critical Arbitrary File Upload Vulnerability

Plugins, Security
wpDiscuz version 7 is a revolutionary perspective on the commenting world! This plugin is designed to change your website commenting experience and provides you with new user engagement features. On June 19th, the WordFence Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin that is installed on over 80,000 sites. This flaw allowed unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. This vulnerability was introduced in the plugin’s latest major version update which is considered a critical security issue that could lead to remote code execution on a vulnerable site’s server. If you are running any version from 7.0.0 to 7.0.4 of this plu
How to Disable Slider Revolution on Mobile Phones and Tablets

Plugins, Tips
Slider Revolution is a WordPress Builder Plugin used to build rich & dynamic content for your websites. It comes with a powerful visual editor in which you can create modern designs in no time, with no coding experience required. You are able to create Sliders & Carousels, Hero Headers, Content Modules, Full Websites, Dynamic Solutions, and Special FX with amazing Add-Ons. They also have 200+ templates included in their online library. Cutting edge designs. Easily customized. When using Slider Revolution, site owners sometimes want to hide or disable the slider when a visitor uses a mobile phone or tablet. Here is how to hide or disable the Slider on mobile phones and tablets. Quick Steps: Go to Dashboard >> Slider Revolution >> (select desired slid...
How to Install Google Web Stories WordPress Plugin

Plugins
Guys, we love it when we can showcase new developments. We have a new exciting update from Google. If you have been using social media, you will notice a new trend, yes you guessed it, STORIES. Everyone is trying to have stories, from Snapchat, WhatsApp, Facebook, TikTok, you name it. And now Google has a new plugin in Beta (still under development and testing); it is called the Google Web Stories WordPress Plugin. Google Web Stories introduces your readers to a fast-loading full-screen experience. You can easily create visual narratives, with engaging animations and tappable interactions. The Web Story format (formerly known as AMP Stories) is free, part of the open web, and available for everyone to try on their websites. They can be shared and embedded across the web without ...
All in One SEO Pack plugin Vulnerability Affects 2 Million Users

Plugins, Security
The WordFence Threat Intelligence team has discovered a vulnerability in the All In One SEO Pack WordPress plugin that is currently installed on over 2 million sites. All In One SEO Pack is a plugin that provides several search engine optimization (SEO) enhancing features to help rank a WordPress site’s content higher on search engines. As part of its functionality, it allows users that have the ability to create or edit posts to set an SEO title and SEO description directly from a post as it is being edited. This makes it easier for post creators to improve the SEO of posts as they are writing them. This feature is available to all users that can create posts, such as contributors, authors, and editors. Unfortunately, the SEO metadata for posts, including the SEO title and SEO descr