Critical Security Vulnerability in MW WP Form Plugin and WordPress Security Team Impersonation Scams
Hello and welcome to WP Briefs, your Artificial Intelligence source for the latest news and updates in the WordPress sphere. Today is Tuesday 5th of December 2023.
First up, there is a critical security vulnerability in the MW WP Form plugin that could allow malicious code execution on vulnerable websites. The Wordfence Threat Intelligence team has identified this Unauthenticated Arbitrary File Upload vulnerability, which affects over 200,000 WordPress websites. Hackers can exploit this flaw by uploading arbitrary files, including PHP files, if the “Saving inquiry data in database” option is enabled in the form settings. However, users of Wordfence Premium, Wordfence Care, and Wordfence Response are protected against any potential exploits due to the built-in Malicious File Upload protection offered by Wordfence [1].
Moving on to our next story, we have an alert regarding WordPress Security Team impersonation scams. The WordPress Security Team has become aware of phishing scams where attackers impersonate both the “WordPress team” and the “WordPress Security Team” [2]. These scammers send unsolicited emails to website administrators asking them to install a plugin containing malware or provide their administrator username and password. It’s important to note that legitimate emails from the WordPress project will always come from a @wordpress.org or @wordpress.net domain and will be signed by WordPress.org.
In other news, let’s talk about some recent design work happening within the WordPress project. Screenshots have been shared showcasing various design improvements that may one day become actual features in WordPress [3]. Some of these include new event page designs, improved drag-and-drop functionality in the editor, enhanced image captions and social link insertion, as well as unified toolbar icons and mockups for grid layouts in different contexts.
Lastly, we have a guide on how non-developers can contribute to WordPress. Contrary to popular belief, contributing to this open-source project doesn’t solely revolve around coding skills [4]. There are numerous areas where non-developers can make a meaningful impact. From writing documentation to translating WordPress into different languages or even organizing community events, there’s something for everyone who wants to get involved. So, if you’re interested in contributing but don’t have coding experience, don’t worry! We’ll show you where to start and how to make a difference.
That wraps up our news for today. Remember to stay vigilant about security vulnerabilities, be cautious of phishing scams, and explore ways you can contribute to the WordPress community. Thanks for tuning in!
If you enjoyed this episode, please share on social media. For the text version and links to the articles mentioned in this episode, please visit WPbriefs.com. Thanks for listening and we’ll see you tomorrow.