Gutenberg 19.1 Introduces Plugin Template Registration API

Gutenberg 19.1 has arrived, introducing the eagerly anticipated plugin template registration API and updates to image caption styles. This Gutenberg version will be later incorporated into WordPress 6.7. The highlight of this release is the plugin template registration API. It addresses a long-standing issue developers have faced with conflicts between plugins and themes, particularly when dealing with custom post types, …

Registrations Open for WordPress Accessibility Day 2024

Registrations are now open for WordPress Accessibility Day 2024, scheduled for October 9-10, 2024. This nonprofit, free, 24-hour global event is on a mission “to demystify website accessibility for WordPress developers, designers, content creators, and users so that they can build websites that work for everyone.” Initially launched in 2020 by the WordPress Core Accessibility Team, the event is now …

Remote Code Execution Vulnerability Patched in WPML WordPress Plugin

The popular WordPress Multilingual plugin, WPML, which is installed on over 1,000,000 websites, has patched a Remote Code Execution (RCE) vulnerability (CVE-2024-6386) that researchers have classified as “Critical,” with a CVSS score of 9.9. Users are strongly advised to update their websites to the patched version, WPML 4.6.13. Security researcher Mat Rollings (stealthcopter) discovered and reported the vulnerability through the …

WordPress Community Team to Retire CrowdSignal for Jotform

The WordPress Community Team has announced plans to retire CrowdSignal in September 2024 in favor of Jotform for post-event attendee surveys. Automattic-sponsored Community Engagement Specialist Isotta Peira has shared more details about the decision and the future plans.  Why the Change? CrowdSignal (previously Polldaddy), owned by Automattic, has been used by the community to collect responses, including at large events …

Record Bounty Awarded as Critical Privilege Escalation Vulnerability Patched in LiteSpeed Cache Plugin

The LiteSpeed Cache Plugin, widely used to enhance the speed and performance of WordPress websites, recently patched a critical unauthenticated privilege escalation vulnerability (CVE-2024-28000). With over 5 million active installations, this plugin is a critical tool for many WordPress users. John Blackbourn, a member of the Patchstack Alliance community, reported the vulnerability and was awarded $14,400, marking the highest bounty …

Jamie Marsland Joins Automattic as Head of WordPress YouTube

Jamie Marsland, a well-known figure in the WordPress community, has officially joined Automattic as the Head of WordPress.org YouTube. Previously, he had collaborated with WordPress.com on a series of YouTube videos titled ‘build and beyond.’ In the official announcement, the Executive Director of WordPress, Josepha Haden Chomphosy, said, “ Jamie’s extensive experience in the WordPress community and his passion for …

WordCamp Asia Extends Speaker Application Deadline to September 8, 2024

The WordCamp Asia organizing team has extended the speaker application deadline to September 8, 2024. This extension aims to give more WordPress enthusiasts the opportunity to apply for the prestigious event. One of the three flagship WordCamps, WordCamp Asia, will be held at the Philippine International Convention Center in Manila, Philippines, from February 20 to 22, 2025. Interested speakers can …

Critical Vulnerability Patched in GiveWP Plugin

GiveWP, a popular donation plugin for WordPress, has patched an unauthenticated PHP Object Injection to Remote Code Execution vulnerability that could be exploited to execute arbitrary code remotely and delete files. This plugin from the Liquid Web family of products has 100k+ active installs.  villu164 (Villu Orav) reported the vulnerability through the Wordfence Bug Bounty Program and netted a bounty …