DOM-Based XSS Vulnerability Impacts Millions of WordPress Users


A WordPress security vulnerability has been discovered which could affect millions of WordPress users. The problem, spotted by security firm Sucuri, has been identified as a DOM-based Cross-Site Scripting (XSS) vulnerability. If you want to learn more about the technical side of the vulnerability, this is a great resource by Acunetix. The vulnerability relates to the Genericons package; specifically the example.html file. Any theme or plugin that uses this example.html file is potentially vulnerable—if any …

XSS Vulnerability in Jetpack and the Twenty Fifteen Default Theme Affects Millions of WordPress Users


Jetpack and the Twenty Fifteen default theme have been updated after a DOM-based Cross-Site Scripting (XSS) vulnerability was discovered. According to Sucuri, any plugin or theme that uses Genericons is vulnerable due to an insecure file included within the package. Genericons ships with a file called example.html, which is vulnerable to attack at the Document Object Model (DOM) level. The Open Web Application Security Project defines a DOM-based attack as: DOM …

Adding a Microblog within Your WordPress Blog


I take blogging pretty seriously. When I write a post it has a very specific purpose and tends to be pretty long. I think this strategy has a lot to do with my success; but it has also raised the stakes on blogging to the point where I no longer have a container for a few hundred words I’d like to share. By container I mean a place to publish content longer and more permanent than …

Andrew Nacin on Challenging WordPress Assumptions


WordPress lead developer Andrew Nacin spoke at the php[world] 2014 conference on “Challenging Your WordPress Assumptions from 2009.” The video was recently published on YouTube and provides an excellent overview of the major ways WordPress has changed over the past six years. Nacin explores common assumptions, such as “WordPress is insecure,” “WordPress doesn’t scale,” and “WordPress is not OOP,” among others. Some of these assumptions are false, some are true, some used to be true …

Inside BuddyBoss with Michael Eisenwasser


Over the past couple years, BuddyBoss has emerged as a leader in the BuddyPress products marketplace. Founder Michael Eisenwasser launched the business in 2010 after discovering BuddyPress while building an international job site to help online workers find employment. “BuddyPress blew me away,” Eisenwasser said. “It allowed for a sophisticated and fully customizable membership site while still benefiting from the WordPress ecosystem. We launched our online community almost overnight, and a year later 30,000 people …

OptinMonster App: A New Multi-platform Direction for the Popular WordPress Plugin


The OptinMonster team has announced big changes to the popular lead generation plugin. Going forward, OptinMonster will be exclusively available as a stand-alone SaaS lead generation software—the OptinMonster App. The changes mean that OptinMonster can now be used by non-WordPress users—Drupal, Joomla, Shopify, and Magento users can all install OptinMonster on their websites. (Of course, WordPress users will still be able to use OptinMonster, too.) Current OptinMonster users should be aware that the existing WordPress plugin …

40 best free icon sets, Spring 2015


Whether you’re building a new website, a new app, or a dashboard, you can’t do without great icons. The Web is in love with icons; they’re used everywhere from apps to responsive sites, all because they pack information into a small space. And because each set of icons is unique, you can give a different voice to a design, just by switching between sets. Today we’ve put together the best icon sets so far from …

The WPLift Roundup of the Best Free WordPress Themes May 2015


There seems to have been something in the air this month in the theme directory – so many great new themes to choose from! In this month’s roundup we have over 20 great looking themes to choose from. I had two of my own themes listed which I have included below but there were so … The post The WPLift Roundup of the Best Free WordPress Themes May 2015 appeared first on WPLift.

Adding Premium Upgrades to Your Multisite Network with Pro Sites


Our Pro Sites plugin is a popular choice for Multisite admins who want to offer premium upgrades to their users. After all, it is one of the most effective ways to make money with your network. With Pro Sites, there’s no reason why you couldn’t set up your own profitable hosting network like or and charge for services like: Ad-free blogs; Bulk upgrades; BuddyPress features; Offer blogging as an upgrade; Set Post and/or …

Invaluable Experience: Top 20 HTML5 Templates for Free


Many believe that nothing in this world comes for free. And, probably, this is true as every action takes either time or money. However, when spending them, you get valuable experience that you can later use in life. Being a wise spender is a skill to be learned. If you want to be truly effective, you need to constantly prioritize and thoroughly plan the way you spend your time. It may take ages to master …