WPBriefs - WordPress News in Shorts


#90: Mon September 04, 2023

Patchstack Reports 404 Vulnerabilities, Contract Disputes, and WordPress Updates

Binary Moon Avatar This post was curated and edited by Ben Gillbanks. Ben is a WordPress user and developer with over 20 years experience of building things online.

Patchstack reports 404 vulnerabilities in WordPress plugins, Learn WordPress releases new content, and a cautionary tale on hiring without a contract.

Welcome to a new week of WP Briefs, your Algorithmically generated source for the latest news and updates in the WordPress community.

Welcome to today’s news headlines. I’m your host, and here are the stories for Monday, September 4th, 2023.

First up, Patchstack has reported 404 Vulnerabilities affecting over 1.6 million websites to the WordPress.org Plugins Team1. These vulnerabilities were found in undisclosed and unpatched plugins hosted on WordPress.org. Patchstack took action due to the significant risk posed to the WordPress community. Since many of these plugin developers have been unreachable or unresponsive, Patchstack sent the full list of vulnerabilities to the plugins review team for further processing. This situation has been described as a “zombie plugins pandemic” due to the large number of abandoned plugins impacting a significant number of sites. The WordPress.org Plugins Team has already closed more than 70% of these plugins but is facing challenges with managing a backlog of over 1,100 plugins waiting to be reviewed.

In our next story, we have an example of why it’s important to always get a contract when hiring someone for a job2. Gary (not his real name) hired Frank (not his real name) without a contract to develop a plugin for his company. However, when Gary discovered that Frank had released his proprietary code in public despite their agreement that it was not for resale, he faced difficulties resolving the issue. This serves as a cautionary tale on how not having a contract can lead to disputes and complications when working with contractors.

Moving on, let’s talk about what’s new on Learn WordPress in September 20233. The team has been hard at work creating content showcasing the features of WordPress 6.3 which was released in August. You can check out videos exploring WordPress 6.3 and its new features as well as content specifically tailored for developers. Additionally, there are new tutorials available covering topics such as adding tables to your site or testing plugin compatibility with PHP versions. Whether you’re a WordPress user, developer, or contributor, there’s something for everyone to learn on Learn WordPress.

Lastly, we have a new video from WordPress TV focusing on the Metadata API and common WordPress APIs4. This video explores how metadata is stored in WordPress and the functions that can be used to retrieve and manipulate metadata. The Metadata API plays a crucial role in extending the functionality of WordPress by allowing developers to work with metadata associated with posts, comments, users, and terms. If you’re interested in learning more about this topic, be sure to check out the presentation slides linked in the article.

And that concludes today’s news headlines. Thank you for joining us! Be sure to tune in tomorrow for more updates.

If you enjoyed this episode, please tell your friends. For the text version and links to the articles mentioned in this episode, check out WPbriefs.com. Thanks for listening and we’ll see you soon.

  1. Patchstack Reports 404 Vulnerabilities Affecting 1.6M+ Websites 

  2. Plugins: Always Get a Contract 

  3. Learn WordPress Newsletter – September 2023 

  4. New video from WordPress TV: Common WordPress APIs: Metadata API 

Spotify Podcasts logo Spotify Podcasts Apple Podcasts logo Apple Podcasts Google Podcasts logo Google Podcasts Podcast RSS Feed logo Podcast RSS Feed Text RSS Feed logo Text RSS Feed

Related Posts

#99: Fri September 15, 2023

WordPress News: Plugin Ranking Concerns, DOM Size Issue, WooCommerce Update, and More

#104: Fri September 22, 2023

WordPress News Roundup: Plugin Reviews, Curriculum Development, and Security Vulnerabilities

#103: Thu September 21, 2023

WordPress.com Plugin Pages Updated, Swiss Data Protection Law, Vulnerabilities Disclosed

#98: Thu September 14, 2023

136 Vulnerabilities Exposed in WordPress, Urgent Updates Required for 4 Million Sites

#120: Mon October 16, 2023

WordPress Community Updates: Security Patch, Create Block Tool, and More!

#54: Fri July 14, 2023

DEIB Team Proposal, Metadata API Improvements, Headless WP Guide, Image Enhancements