WPBriefs - WordPress News in Shorts


#156: Tue December 05, 2023

Critical Security Vulnerability in MW WP Form Plugin and WordPress Security Team Impersonation Scams

This post was curated and edited by Ben Gillbanks. Ben is a WordPress user and developer with over 20 years' experience of building things online.

Critical security vulnerability in MW WP Form plugin, WordPress Security Team impersonation scams, design improvements, and non-developer contribution guide in today's news roundup. Stay informed and get involved in the WordPress community!

Hello and welcome to WP Briefs, your Artificial Intelligence source for the latest news and updates in the WordPress sphere. Today is Tuesday 5th of December 2023.

First up, there is a critical security vulnerability in the MW WP Form plugin that could allow malicious code execution on vulnerable websites. The Wordfence Threat Intelligence team has identified this Unauthenticated Arbitrary File Upload vulnerability, which affects over 200,000 WordPress websites. Hackers can exploit this flaw by uploading arbitrary files, including PHP files, if the “Saving inquiry data in database” option is enabled in the form settings. However, users of Wordfence Premium, Wordfence Care, and Wordfence Response are protected against any potential exploits due to the built-in Malicious File Upload protection offered by Wordfence [1].

Moving on to our next story, we have an alert regarding WordPress Security Team impersonation scams. The WordPress Security Team has become aware of phishing scams where attackers impersonate both the “WordPress team” and the “WordPress Security Team” [2]. These scammers send unsolicited emails to website administrators asking them to install a plugin containing malware or provide their administrator username and password. It’s important to note that legitimate emails from the WordPress project will always come from a @wordpress.org or @wordpress.net domain and will be signed by WordPress.org.

In other news, let’s talk about some recent design work happening within the WordPress project. Screenshots have been shared showcasing various design improvements that may one day become actual features in WordPress [3]. Some of these include new event page designs, improved drag and drop functionality in the editor, enhanced image captions and social link insertion, as well as unified toolbar icons and mockups for grid layouts in different contexts.

Lastly, we have a guide on how non-developers can contribute to WordPress. Contrary to popular belief, contributing to this open-source project doesn’t solely revolve around coding skills [4]. There are numerous areas where non-developers can make a meaningful impact. From writing documentation to translating WordPress into different languages or even organizing community events, there’s something for everyone who wants to get involved. So, if you’re interested in contributing but don’t have coding experience, don’t worry! We’ll show you where to start and how to make a difference.

That wraps up our news for today. Remember to stay vigilant about security vulnerabilities, be cautious of phishing scams, and explore ways you can contribute to the WordPress community. Thanks for tuning in!

If you enjoyed this episode, please share on social media. For the text version and links to the articles mentioned in this episode, please visit WPbriefs.com. Thanks for listening and we’ll see you tomorrow.

  1. Update ASAP! Critical Unauthenticated Arbitrary File Upload in MW WP Form Allows Malicious Code Execution 

  2. Alert: WordPress Security Team Impersonation Scams 

  3. Design Share: Nov 20-Dec 1 

  4. How to Contribute to WordPress as a Non-developer 
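
The sender check from the impersonation-scam item, as an added example (not part of the original episode and not WordPress project code). It assumes “signed by WordPress.org” corresponds to a passing DKIM signature with `d=wordpress.org` recorded by your own mail server; the server name `mx.example.net` is a placeholder and all sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

OFFICIAL_FROM = {"wordpress.org", "wordpress.net"}  # domains named in the alert
SIGNING_DOMAIN = "wordpress.org"   # assumption: "signed by" means DKIM d= domain
TRUSTED_MTA = "mx.example.net"     # placeholder: your receiving server's authserv-id

def from_domain(msg):
    """Domain of the real From address; the display name is attacker-controlled."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def dkim_pass_domains(msg, trusted=TRUSTED_MTA):
    """d= domains with dkim=pass, read only from headers our own server added."""
    found = set()
    for header in msg.get_all("Authentication-Results", []):
        clauses = str(header).split(";")
        authserv = clauses[0].split()
        if not authserv or authserv[0].lower() != trusted:
            continue  # a header from any other host may be forged by the sender
        for clause in clauses[1:]:
            if re.search(r"\bdkim\s*=\s*pass\b", clause, re.I):
                m = re.search(r"\bheader\.d\s*=\s*([\w.-]+)", clause, re.I)
                if m:
                    found.add(m.group(1).lower())
    return found

def check_wordpress_mail(raw):
    msg = message_from_string(raw)
    dom = from_domain(msg)
    if dom not in OFFICIAL_FROM:   # exact match: no subdomains or lookalikes
        return "reject: From domain %r is not official" % dom
    if SIGNING_DOMAIN not in dkim_pass_domains(msg):
        return "suspicious: official From domain without a verified signature"
    return "consistent"

def sample(frm, auth):
    """Build a constructed test message."""
    return "From: %s\nAuthentication-Results: %s\nSubject: Notice\n\nbody\n" % (frm, auth)

GOOD = "mx.example.net; dkim=pass header.d=wordpress.org"
if __name__ == "__main__":
    print(check_wordpress_mail(sample("WordPress <security@wordpress.org>", GOOD)))
    print(check_wordpress_mail(sample("WordPress <security@wordpress.org.example.com>", GOOD)))
```

A "consistent" result only means the headers match what the alert describes; it does not make a request to install a plugin or hand over credentials legitimate.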
