Patchstack Reports 404 Vulnerabilities, Contract Disputes, and WordPress Updates
This post was curated and edited by Ben Gillbanks. Ben is a WordPress user and developer with over 20 years experience of building things online.
Welcome to a new week of WP Briefs, your Algorithmically generated source for the latest news and updates in the WordPress community.
Welcome to today’s news headlines. I’m your host, and here are the stories for Monday, September 4th, 2023.
First up, Patchstack has reported 404 Vulnerabilities affecting over 1.6 million websites to the WordPress.org Plugins Team1. These vulnerabilities were found in undisclosed and unpatched plugins hosted on WordPress.org. Patchstack took action due to the significant risk posed to the WordPress community. Since many of these plugin developers have been unreachable or unresponsive, Patchstack sent the full list of vulnerabilities to the plugins review team for further processing. This situation has been described as a “zombie plugins pandemic” due to the large number of abandoned plugins impacting a significant number of sites. The WordPress.org Plugins Team has already closed more than 70% of these plugins but is facing challenges with managing a backlog of over 1,100 plugins waiting to be reviewed.
In our next story, we have an example of why it’s important to always get a contract when hiring someone for a job2. Gary (not his real name) hired Frank (not his real name) without a contract to develop a plugin for his company. However, when Gary discovered that Frank had released his proprietary code in public despite their agreement that it was not for resale, he faced difficulties resolving the issue. This serves as a cautionary tale on how not having a contract can lead to disputes and complications when working with contractors.
Moving on, let’s talk about what’s new on Learn WordPress in September 20233. The team has been hard at work creating content showcasing the features of WordPress 6.3 which was released in August. You can check out videos exploring WordPress 6.3 and its new features as well as content specifically tailored for developers. Additionally, there are new tutorials available covering topics such as adding tables to your site or testing plugin compatibility with PHP versions. Whether you’re a WordPress user, developer, or contributor, there’s something for everyone to learn on Learn WordPress.
Lastly, we have a new video from WordPress TV focusing on the Metadata API and common WordPress APIs4. This video explores how metadata is stored in WordPress and the functions that can be used to retrieve and manipulate metadata. The Metadata API plays a crucial role in extending the functionality of WordPress by allowing developers to work with metadata associated with posts, comments, users, and terms. If you’re interested in learning more about this topic, be sure to check out the presentation slides linked in the article.
And that concludes today’s news headlines. Thank you for joining us! Be sure to tune in tomorrow for more updates.
If you enjoyed this episode, please tell your friends. For the text version and links to the articles mentioned in this episode, check out WPbriefs.com. Thanks for listening and we’ll see you soon.
