During an internal audit of the Smash Balloon Social Post Feed plugin (also known as Custom Facebook Feed), we discovered that several sensitive AJAX endpoints were accessible to any user with an account on the vulnerable site, including subscribers. Some of these endpoints could be used to carry out Stored Cross-Site Scripting (XSS) attacks.
A successful Stored XSS attack could enable bad actors to store malicious scripts on every post and page of the affected site. If a logged-in administrator visits one of the affected URLs, the script may run in their browser and execute administrative actions on their behalf, such as creating new administrators and installing rogue plugins.
We reported the vulnerabilities to this plugin’s author via email, and they recently released version 4.0.1 to address them. We strongly recommend that you update to the latest version of the Smash Balloon Social Post Feed plugin and have an established security solution on your site, such as Jetpack Security.
Continue reading → Security Issues Patched in Smash Balloon Social Post Feed Plugin
Today, we are excited to announce a new way to distribute Jetpack products to your clients. We designed an all-new licensing portal to address the needs of agencies, implementers, and other web professionals. If you manage multiple WordPress websites, we think this program will be perfect for your needs.
Continue reading → Announcing Jetpack Licensing for Agencies and Professionals
You’ve built your store, filled it with amazing products, and fine-tuned your marketing and logistics. This is a huge accomplishment, but it doesn’t mean it’s time to kick up your feet and relax.
It might be tempting to shift your focus to the creative side of running your business. Launching new products and developing clever marketing campaigns can be a lot more fun than optimizing database tables and staying on top of SEO. But, just like in a brick and mortar store, your online shop requires ongoing maintenance in order to keep things running smoothly.
Continue reading → Ecommerce Website Maintenance: How to Maintain Your Store
For more than ten years, Jetpack has been regarded as the ultimate all-in-one toolkit for WordPress sites. With more than five million active installations, it provides a single plugin to make sites faster and safer, while providing more traffic. And it eliminates the need to search for dozens of different plugins, vet their quality, install them, make sure they don’t conflict, and remember to update them.
But we also appreciate that the WordPress community is incredibly diverse and that everyone’s needs are unique. Many developers and site owners asked for the flexibility to use specific components of Jetpack as part of their own, custom-built “tech stack” of plugins. We listened.
“This project came as a direct result of feedback from the community,” says Backup Team Lead William Viana. “We’ve gotten such a positive response about Jetpack Backup. But whenever we ask for suggestions, people always ask if they can install Backup by itself. Now, I’m excited to say you can.”
Continue reading → Meet Jetpack Backup: Now as a Standalone Plugin
A medical practice website is an essential tool for any healthcare provider. It can be used to share resources with patients, demonstrate your expertise, and spread the word about your services. It can also be instrumental in managing billing and payments, scheduling appointments, and granting patients access to their medical records.
To best serve existing and future patients, you’ll want to carefully plan your website’s features and content. If you’re a healthcare provider or a website developer who doesn’t have experience building medical practice websites, you may want to enlist the help of a developer who specializes in this area so you can be assured that ADA, HIPAA, and other compliance requirements are met.
Whether you build your site yourself or hire a developer to do it for you, include the following 13 features to maximize the benefits for your patients and business:
Continue reading → 13 Things Every Medical Practice Website Should Include
Whether you’re running a business site, an online store, or a hobby blog, WordPress offers the flexibility and ease of use to help make it a smashing success.
But to avoid security breaches that could tarnish your reputation, spend a few minutes learning about WordPress security. With our step-by-step guide, you can protect your WordPress site from hackers and keep it safe, secure, and working for visitors and customers.
Continue reading → WordPress Security: How to Secure Your Site from Hackers
During an internal audit of the WP Fastest Cache plugin, we uncovered an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.
If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). It can only be exploited if the classic-editor plugin is also installed and activated on the site.
Successfully exploiting the CSRF and Stored XSS vulnerability could enable bad actors to perform any action that the targeted logged-in administrator is allowed to perform on the affected site.
We reported the vulnerabilities to this plugin’s author via email, and they recently released version 0.9.5 to address them. We strongly recommend that you update to the latest version of the plugin and have an established security solution on your site, such as Jetpack Security.
Continue reading → Multiple vulnerabilities in WP Fastest Cache plugin
Over the last decade, video has become an integral part of successful business strategy. It’s no longer enough to have video on your site to stand out; it’s essential to have it woven throughout the customer experience to drive traffic, generate leads, boost engagement, and increase sales.
Despite the ubiquity of video, the available solutions for WordPress are often lackluster. Ads can ruin the moment, presenting irrelevant content and increasing site abandonment. On top of that, there are challenges with integrating technology and self-hosting video.
That’s why we’re excited to present Jetpack VideoPress.
Continue reading → Announcing Jetpack VideoPress: Ad-free, HD video for WordPress
Jetpack 10.2 is now available for download. We have some cool new features for you along with several bug fixes and performance enhancements.
Continue reading → Jetpack 10.2: Get More Widget Visibility Controls