Plugins

Creative SVG File Upload to Local File Inclusion Vulnerability Affecting 90,000 Sites Patched in Jupiter X Core WordPress Plugin

TLDR: Wordfence runs a Bug Bounty Program for WordPress vulnerabilities, offering rewards up to $31,200. A critical SVG Upload vulnerability was reported for the Jupiter X Core plugin (versions ≤4.8.7), allowing authenticated users to execute remote code. The issue was disclosed on January 6, 2025, and patched by January 29, 2025, with Wordfence users receiving protection earlier. Users are urged to update to version 4.8.8 to maintain site security.

https://www.wordfence.com/blog/2025/02/creative-svg-file-upload-to-local-file-inclusion-vulnerability-affecting-90000-sites-patched-in-jupiter-x-core-wordpress-plugin/

How to Speed Up Your WordPress Site: 19 Quick Fixes for Instant Results

Slow websites frustrate users, lower search rankings, and harm revenue. Optimizing a WordPress site for speed can be simple. Key strategies include using one-click optimization plugins, caching, reducing image sizes, utilizing CDNs, generating critical CSS, deferring JavaScript loading, minifying code, enabling GZIP compression, limiting post revisions, using system fonts, disabling hotlinking and pingbacks, cleaning up databases, switching to lighter themes, upgrading hosting, and ensuring everything is updated. Testing speed with tools like Jetpack Boost or Google PageSpeed Insights can help confirm improvements. Prioritizing site speed enhances user experience, boosts SEO, and increases conversion rates. Using Jetpack Boost simplifies the optimization process.

https://jetpack.com/resources/how-to-speed-up-wordpress/

How to Increase Maximum File Upload Size in WordPress

TLDR: WordPress has a default upload size limit which may hinder uploading large files. This guide explains how to check and increase this limit through methods like editing .htaccess, php.ini, wp-config.php, using hosting control panels, plugins, or contacting hosting providers. After making changes, validate the new limit by testing uploads. For efficient large file management, consider compressing files, using a CDN, and enabling GZIP. Jetpack can enhance site management and performance.

https://jetpack.com/resources/wordpress-increase-file-upload-size/

Conditional Blocks: Control Content Visibility in WordPress

ACF Blocks allows WordPress site owners to control content visibility using PHP templates, enabling custom visibility rules based on user roles, devices, and more without complex coding. It overcomes limitations of native WordPress visibility options, such as lack of flexibility with custom fields and user behavior. Block Visibility offers a no-code solution for dynamic content, while ACF Blocks provides PHP-based control for sophisticated conditions, making it easier for developers to manage conditional content and enhance site functionality.

https://www.advancedcustomfields.com/blog/wordpress-conditional-content/

Creating a WordPress Plugin With Cursor

Summary: The article details how to create a WordPress plugin using Cursor, an AI coding tool that supports natural language input and adheres to coding standards. It explains setting up Cursor, configuring it for WordPress, and developing a simple “Hello Homer” plugin that displays Simpsons quotes. Features like Chat, Composer, and Bug Finder are highlighted as useful for coding assistance. Though Cursor can generate functional code quickly, the article advises caution about using its output in production because of potential oversights, and emphasizes the need for human code review for complex, performance-critical, or security-sensitive tasks.

https://deliciousbrains.com/creating-a-wordpress-plugin-with-cursor/

Wordfence Intelligence Weekly WordPress Vulnerability Report (February 3, 2025 to February 9, 2025)

Summary: Wordfence offers a free Bug Bounty Program for WordPress vulnerabilities, rewarding up to $31,200 per submission. Last week, 141 vulnerabilities in 132 plugins and 3 themes were disclosed. Users can access vulnerability data and use tools like the Wordfence CLI Scanner at no cost. A total of 47 vulnerabilities were patched while 94 remain unpatched. Critical vulnerabilities totaled 3. 45 researchers contributed during the week, with top contributors listed. A list of plugins with reported vulnerabilities is available.

https://www.wordfence.com/blog/2025/02/wordfence-intelligence-weekly-wordpress-vulnerability-report-february-3-2025-to-february-9-2025/

Advanced WP_Query Filtering and Sorting Techniques

TLDR: WP_Query is a WordPress class for retrieving and displaying posts based on specific criteria, allowing custom content without SQL queries. It enables filtering by categories, dates, and custom fields, and pairs well with Advanced Custom Fields (ACF) for enhanced data management. This guide covers basics to advanced uses of WP_Query, including handling custom fields, optimizing queries, and practical examples to aid WordPress developers in creating dynamic, data-rich sites.

https://www.advancedcustomfields.com/blog/wp-query/

30,000 WordPress Sites Affected by Arbitrary File Upload Vulnerability in Security & Malware Scan by CleanTalk WordPress Plugin

On Dec 7, 2024, an Arbitrary File Upload vulnerability was found in CleanTalk's Security & Malware scan plugin, affecting over 30,000 WordPress installations. It allowed attackers to upload arbitrary files and execute remote code. Lucio Sá reported it through Wordfence's Bug Bounty Program and received $1,716. CleanTalk responded quickly, releasing a patch on Jan 27, 2025. Users are urged to update to version 2.150. Wordfence provided firewall protection on Jan 14, 2025, with free users receiving it by Feb 13, 2025. The vulnerability exposes sites to severe risk, necessitating swift action to secure affected installations.

https://www.wordfence.com/blog/2025/02/30000-wordpress-sites-affected-by-arbitrary-file-upload-vulnerability-in-security-malware-scan-by-cleantalk-wordpress-plugin/

What Is a Slug in WordPress and How Can You Use It Effectively?

WordPress slugs are URL components that identify specific pages, impacting usability, SEO, and site structure. Proper management enhances user experience, social sharing, and site management. Best practices include using short, descriptive, lowercase slugs with hyphens, avoiding unnecessary dates, and ensuring uniqueness. Editing slugs is straightforward in the WordPress dashboard; advanced tips include using redirects and avoiding dynamic parameters. Common mistakes involve long, irrelevant slugs and frequent changes. Leveraging tools like Jetpack AI Assistant can streamline slug management and content creation.

https://jetpack.com/resources/what-is-a-wordpress-slug/

ACF Chat Fridays: Open Forum and Q&A

ACF Chat Fridays are monthly gatherings for the Advanced Custom Fields community, facilitating discussions on features and techniques. The February 7, 2025 session highlighted ACF 6.4 updates, block editor improvements, and custom icon support. Co-hosted by Iain Poulson and others, it covered the recent ACF version and discussed future enhancements, including WooCommerce integration and more React-based ACF components. Participants engaged in Q&A, addressing custom post types and block visibility. For the next session, register at the ACF website.

https://www.advancedcustomfields.com/blog/acf-chat-fridays-open-forum-and-qa/
