Avada Theme Version 5.1.5 Patches Stored XSS and CSRF Vulnerabilities

Theme Fusion’s Avada WordPress Theme, the highest selling theme on Themeforest for the past four years, has fixed stored XSS and CSRF vulnerabilities in its 5.1.5 release. The security issues were discovered by WP Hütte, a WordPress security blog, and the site published details of the vulnerabilities after Theme Fusion patched its theme. Although the patched version has been available …

WordPress.com’s TV Commercials Are Confusing

In Matt Mullenweg’s 2016 State of the Word, he announced the WordPress Growth Council. The council was created as a think-tank for individuals and organizations in the WordPress community to share ideas on how best to tell WordPress’ story to grow market share. The Growth Council serves as a collaborative means to combat the more than $300M in advertising spent by competitors like …

Atom Editor Adds Git and GitHub Integration

GitHub open sourced its JavaScript-powered Atom editor in 2014 with extensibility designed to be its single-most important feature. Over the past three years, a thriving ecosystem of more than 6,000 packages to extend the editor has grown out of Atom’s open source community. GitHub estimates Atom now has 2.1 million active users. This week Atom added a major missing piece …

WordPress 4.7.5 Patches Six Security Issues, Immediate Update Recommended

WordPress 4.7.5 was released today with fixes for six security issues. If you manage multiple sites, you may have seen automatic update notices landing in your inbox this evening. The security release is for all previous versions and WordPress is recommending an immediate update. Sites running versions older than 3.7 will require a manual update. The vulnerabilities patched in 4.7.5 …

WordPress Is Now on HackerOne, Launches Bug Bounties

WordPress now has its own official HackerOne account where security researchers can responsibly disclose vulnerabilities to the security team. The project’s page was previously listed under Automattic’s profile before HackerOne launched its free community edition for open source projects. WordPress has now transitioned to its own account, which also includes sister projects BuddyPress, bbPress, GlotPress, and WP-CLI, along with all …

WPWeekly Episode 272 – Interview With James Farmer, Co-Founder and CEO of Incsub

On this episode of WordPress Weekly, I’m joined by James Farmer, co-founder and CEO of Incsub. Farmer has been involved in the WordPress community for 11 years and in that time, he and I have butted heads, mildly speaking. Last year, Farmer looked back at the last 10 years of being a WordPress entrepreneur. In that post, he shares emails and conversations he …

VersionPress 4.0 Tentatively Scheduled to Ship in September

Nearly a year ago, VersionPress 3.0 was released. This version added new search capabilities, bulk undo, and a number of bug fixes. It was the first release since it became a free, open source project. In a post on the project’s development blog, Borek Bernard, co-founder of VersionPress, describes what the team is focusing on for 4.0, which includes a tentative release …

bbPress 2.6 Beta 3 Likely as Team Focuses on Solid Data Migration Path

For the past few months, users have been testing bbPress 2.6 Beta 2. bbPress 2.6 will be the first major version update since 2014 and will include the following features: per-forum moderators; improved favorites and subscriptions management; improved BuddyPress integration; performance improvements; user experience improvements to meta-boxes and admin-area tools; tighter integration with the WordPress Dashboard; template tweaks and clean-up. In …