Tag: plugins

wpDiscuz Plugin Fixes Critical Arbitrary File Upload Vulnerability

wpDiscuz Plugin Fixes Critical Arbitrary File Upload Vulnerability

Plugins, Security
wpDiscuz version 7 is a revolutionary perspective on the commenting world! This plugin is designed to change your website commenting experience and provides you with new user engagement features. On June 19th, the WordFence Threat Intelligence team discovered a vulnerability present in Comments – wpDiscuz, a WordPress plugin that is installed on over 80,000 sites. This flaw allowed unauthenticated attackers the ability to upload arbitrary files, including PHP files, and achieve remote code execution on a vulnerable site’s server. This vulnerability was introduced in the plugin’s latest major version update which is considered a critical security issue that could lead to remote code execution on a vulnerable site’s server. If you are running any version from 7.0.0 to 7.0.4 of this plu
How to link your images using custom links in WordPress

How to link your images using custom links in WordPress

Plugins, Tips
Images and other media give a website an added aesthetic value, thus generating more interest and visual appeal to your website. You can imagine a blog without featured images. However minimalistic a website is, photos always play a big role therefore images with custom links are a welcome addition. How then do you do if you want to add links to images in a WordPress gallery? WordPress by default doesn’t have this option available therefore if you want each image to link to a different page or post, you might not be able to do it. I would also suggest that you should not try to modify your code to make this possible, you might end up breaking the site more. How to install, manage and uninstall or delete a WordPress Plugin It is possible to hotlink your images using a pretty simple
Top Free WordPress Floating Menu Plugins for your website

Top Free WordPress Floating Menu Plugins for your website

Plugins
Floating Menu style has started to become a sort of trend. One of our clients was looking to use one for their blog. Nowadays most of the websites starting to implement this since it allows users to scroll up or down remaining visible for navigation. The Floating Menu plugins have been developed to ensure that your website's navigation bar is always floating, ready to be clicked. Such plugins can be used for the main menu, post categories, donor or partner’ menus, social icons, etc so that your user's without the need to scroll up or down could directly go the menu with just a click. Here are some of the top Free WordPress Floating Menu Plugins that we found in our research. They come with many useful features and perfect for building an amazing. So, list them below; WP Floating M
5 Most Common Ways WordPress Websites Break

5 Most Common Ways WordPress Websites Break

Plugins, Themes
WordPress remains among the largest CMS ecosystems with plenty of support forums and this makes it one of the most user-friendly and trouble shootable platforms ever when having problems with the WordPress websites. However with all these, things always sometimes break, As Murphy's law states, Anything that can go wrong will go wrong. Being a stable yet super complex system with tools to simultaneously serve your content, manage customer transactions, and other large amounts of data mean sometimes it's bound to lose its self. We have narrowed down some the most common ways WordPress sites break down, here is how that happens: 1. Installing too many plugins Being a platform of choice, WordPress tends to get its users tonnes of plugins to manage all sorts of things, be it block edito...
How to Find Out Which WordPress Plugins a Website uses

How to Find Out Which WordPress Plugins a Website uses

Plugins
Our previous post covered how to find out which WordPress theme or template a website uses and how to find out if a website is using WordPress CMS. Today we would like to learn how to find out which plugins are installed in a WordPress-powered website. Perhaps you have checked out the website and like some features and functionalities and you would like to use/replicate them on your own website only if you could tell which plugins are running the backend. However you must also know that not all such functionalities will be produced by plugins, sometimes it could be  custom code or built in theme tools. So here is the guide to tell which WordPress Plugins a website uses Automated detection tools This is by far the easiest way to tell or find out which plugins a website uses is b
How to fix Broken Themes: Incomplete, Stylesheet is missing WordPress errors

How to fix Broken Themes: Incomplete, Stylesheet is missing WordPress errors

Themes
When installing or updating your WordPress website, sometimes you get may get theme missing or stylesheet is missing errors. This would at times mean that your uploaded theme, wont load as expected when you go to Appearance > Themes  page what you usually get is Broken Themes The following themes are installed but incomplete. Stylesheet is missing. Other errors might be experienced as : broken theme stylesheet is missing WordPress theme stylesheet is missing, the package could not be installed the theme is missing the style css stylesheet the following themes are installed but incomplete With WordPress, Themes usually must have a stylesheet and a template.  This means that you have to ensure that your zipped theme folder has the style.css. Therefore always make su
InfiniteWP Client Plugin Critical Authentication Bypass Vulnerability affecting 300,000+ WordPress sites!

InfiniteWP Client Plugin Critical Authentication Bypass Vulnerability affecting 300,000+ WordPress sites!

Plugins, Security
A vulnerability has been discovered in the InfiniteWP Client plugin versions 1.9.4.4 or earlier. InfiniteWP Client is currently installed on over 300,000 WordPress sites. The InfiniteWP Client plugin works by allowing a central management server to authenticate to the WordPress installation so that site owners can manage the site. From a central location, site owners can perform maintenance such as one-click updates for core, plugins, and themes across all sites, backup and site restores, and activating/deactivating plugins and themes on multiple sites simultaneously. The InfiniteWP Client plugin authenticates the central management server to each WordPress installation. Read our posts on WordPress Security here This is a critical authentication bypass vulnerability  so far, the WordP
Top Usefull 2020 WordPress Predictions & Trends to Watch Out For

Top Usefull 2020 WordPress Predictions & Trends to Watch Out For

Tips, Plugins, Themes
It is surely that time of the year fit to give 2020 WordPress predictions and a map of how we think this year will fair in the world of WordPress. Indeed no doubt WordPress claims the crown for the most growing, widely used and trusted content management system for web design and development and commands of 34% of all the websites on the Internet and at a market share of 60.8% in the content management system domain. Its growth is truly phenomenal and inspiring, to think it has beat the likes of Joomla, Drupal, Laravel, Wix, Grav ButterCMS, Ghost and Squarespace is mighty astounding. WordPress has played the major role of being the go-to CMS and due to east of use id helping the users to build their websites. WordPress also is best at innovating has always looked into integrating new...
Email Subscribers & Newsletters Plugin fixes multiple vulnerabilities affecting over 100,000 websites

Email Subscribers & Newsletters Plugin fixes multiple vulnerabilities affecting over 100,000 websites

Plugins, Security
The WordFence Threat Intelligence team recently uncovered multiple vulnerabilities in the Email Subscribers & Newsletters, a WordPress plugin with approximately 100,000+ active installs. These were then disclosed the plugin’s development team who responded quickly and released interim patches just a few days after our initial disclosure. The plugin team also worked with them to implement additional security measures. The vulnerabilities include: Unauthenticated File Download w/ Information Disclosure, Blind SQL Injection in INSERT statement, Insecure Permissions on Dashboard and Settings, Cross-Site Request Forgery on Settings, Send Test Emails from the Administrative Dashboard as an Authenticated User [Subscriber+], Unauthenticated Option Creation. Unauthenticated File Download
WP-VCD: Have you Malware infected your WordPress site using pirated plugins and themes?

WP-VCD: Have you Malware infected your WordPress site using pirated plugins and themes?

Security, Themes
At WP Chase we encourage our readers to always install plugins and themes on their WordPress sites from legit sources, that means you can either purchase or use free themes or plugins from the WordPress main site or purchase from known developers. Today we talk about WP-VCD. Some site owners take a short cut and download pirated themes or plugins, what this does is open your website to become a hacking and malware trojan horse. So your visitors will become victims without your knowledge. WordPress security provider WordFence has today released a new finding about one of the most prevalent malware infections facing the WordPress ecosystem in recent weeks is a campaign known as WP-VCD. Despite the relatively long existence of the campaign, the Wordfence threat intelligence team has ass...