WordPress related news.

When something interesting happens in the WordPress world, we post it here. From security patches to Major new releases.

 

WordPress Plugin vulnerabilities – Rich Reviews and GiveWP.

If you installed any of these two WordPress Plugins:

  • GiveWP
  • Rich Reviews

.

Please update or remove them immediately from your WordPress site.
The two plugins have vulnerabilities that will allow hackers to either place malicious code on your site to infect your visitors or even gain access to your WordPress website and take full control.

If you are unsure how to do this, please contact our support team for help.

In addition, if you are using one of those two plugins, have HelpingHost.com support review your WordPress site to make sure no backdoors or users were installed.

 

WordPress Plugin – Yuzo Related Posts – is vulnerable to malware.

If you are using the Yuzo Related Posts WordPress plugin, please remove it from your WordPress installation ASAP.

We are starting to see customer websites that are using the plugin being redirected to malware websites.

There is currently NO PATCH available. Which means you HAVE TO remove the plugin.

Without going into to much detail:
The attacker calls this vulnerable plugin with certain parameters that in turn inserts code into the options of this plugin. That code currently seems to be javascript code that performs the various redirects to malware.

We have started to pro-actively implement additional protection into our Intrusion detection system to reduce the chance of a successful attack.
We have also began to scan all customers websites for this plugin and remove it if found. However, we of course prefer for you to login to your WordPress admin and remove it yourself as soon as possible.

If you have any questions or need help, please contact our support team as usual.

WordPress 3.3 has arrived

WordPress 3.3 was just released over at WordPress.org.
The HelpingHost.com automated script installers are getting this latest version of WordPress over the next 24 hours after which you will be able to either update your current WordPress or create a new WordPress install using WordPress 3.3

Please remember to update your plugins first and make sure they are compatible with WordPress 3.3.
Do not forget to use the backup function within our Softaculous installer so you can revert easily just in case something went wrong!
The WordPress team is reporting that version 3.3 includes user interface improvements as well as new Developer features worth looking into.