Multiple vulnerabilities in WP Fastest Cache plugin

During an internal audit of the WP Fastest Cache plugin, we uncovered an Authenticated SQL Injection vulnerability and a Stored XSS (Cross-Site Scripting) via Cross-Site Request Forgery (CSRF) issue.

If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords). It can only be exploited if the classic-editor plugin is also installed and activated on the site. 

Successfully exploiting the CSRF & Stored XSS vulnerability could enable bad actors to perform any action the logged-in administrator they targeted is allowed to do on the targeted site.

We reported the vulnerabilities to this plugin’s author via email, and they recently released version 0.9.5 to address them. We strongly recommend that you update to the latest version of the plugin and have an established security solution on your site, such as Jetpack Security.


Jetpack 10.2: Get More Widget Visibility Controls

Jetpack 10.2 is now available for download. We have some cool new features for you along with several bug fixes and performance enhancements.


Jetpack 10.1: Customize Search in Block Editor

A new month has arrived along with a shiny new version of Jetpack that provides an enhanced experience for you and your site visitors.


Multiple vulnerabilities in Workreap theme by Amentotech

Recently the Jetpack team found some infected files in one of our hosted customers’ sites, and quickly traced the source of infection back to the Workreap theme by Amentotech. We started an investigation and uncovered a number of vulnerable AJAX endpoints in the theme; the most severe of these was an unauthenticated unvalidated upload vulnerability potentially leading to remote code execution and a full site takeover.

We reported the vulnerabilities to the Amentotech team via the Envato Helpful Hacker program, and they addressed the issues promptly. Version 2.2.2 of the theme, which fixes the vulnerabilities we found, was released on June 29, 2021.

TL;DR

Due to the seriousness of the vulnerabilities, we strongly recommend that all users of the Workreap theme upgrade to version 2.2.2 or later as soon as possible.

Download the upgrade from the theme website and install it manually, or upgrade automatically via the Envato market plugin.


Six Newsletter Ideas to Connect With Your Readers

You just set up an email subscription sign-up form on your website. What should you do next? Email marketing can seem like an overwhelming concept for those just getting started, but it doesn’t have to be this way!

One of the most popular forms of email marketing is sharing a weekly or monthly newsletter. Let’s take a look at two of the most pressing decisions for beginners: what newsletter content should you create and how should you format it to achieve your goals?


Website Customization: Renaming Sections on Your WordPress Site

Website customization is one of the best ways to ensure that your site reflects your brand’s voice, style, and personality. It typically involves incorporating your brand’s colors and fonts, uploading your logo as the header image, adding a background design, and including branded images in your posts.

However, the branding process of site development doesn’t have to stop with the basics. There are a few extra customizations that can get overlooked, even though they’re some of the easiest ways to add an extra touch of personality to your site. One of these customizations is the ability to rename site sections.

Today, we’ll explain why you want to rename your site sections, and the various tools and widgets available to customize the different parts of your website.


Jetpack 6.1: General Maintenance

Happy May and welcome to Jetpack 6.1. This month brings us another general maintenance release, so you won’t find any big surprises here, but there are still some important improvements to learn about.

The new things you’ll find in 6.1 are:

Privacy information links added

Jetpack’s position regarding the privacy of its users and their visitors has been enhanced as part of the process of making all of Automattic’s software GDPR-compliant.

You will now see a footer on the “More Info” popover that appears next to each feature setting. These footers link to specific sections in our support docs describing privacy implications, in case you want to learn more about them.

Stats and Do Not Track changes

We now offer users a clear map of the privacy implications of each Jetpack feature. We also introduced a new filter that honors the Do Not Track feature for visitors who choose to take advantage of it.

Note that this only affects Jetpack’s own Stats feature and nothing else.

WordAds improvements

There are two improvements to the WordAds program to share this month. First, we’ve added support for the ads.txt file.

Second, we’ve introduced a new shortcode, [wordads], which allows you to include an ad inline on any given post or page content. This will give you even more flexibility in defining where your ads appear on your site.

Additional performance enhancements

There are a few bugfixes and enhancements in this release, but the main issues we tackled are the following:

  • When a post transitions to publish, Jetpack used to add Publicize post meta to all posts, whether or not it was a Publicize-able post type. This has been adjusted.
  • We removed the Sharing and Like display functionality from WooCommerce’s Cart, Checkout, and Account pages.
  • Users running their site on PHP 7.2 were seeing notices on their logs related to language features that were updated with this latest release of PHP. These notices should now be addressed.

Full changelog and thanks

As always, you can read the full changelog and see what else we have improved in this release.

Install Jetpack on your site or upgrade to 6.1 today to experience the latest and greatest!

Thanks to all the contributors to this release:

Aaron Douglas, Alex Mills, Allen Snook, Anthony Bubel, Brandon Kraft, Daniel Walmsley, David Newman, Derek Smart, Eric Johnson, Egill R. Erlendsson, Elio Rivero, Enej Bajgoric, Eric Binnion, George Stephanis, Igor Zinovyev, Javi Alvarez, Jacopo Tomasone, Jason Johnston, Jeremy Herve, Jeff Bowen, Jeff Stieler, Joan Rho, Justin Shreve, Lance Willett, Michael D Adams, Michael Turk, Miguel Lezama, Mikael Korpela, Mike Jolley, Niels Lange, Oscar Lopez, Peter Westwood, Rastislav Lamoš, RC Lations, Rob Landers, Rocco Tripaldi, Taegon Kim, Tugdual de Kerviler, Yaroslav Kukharuk, and Žiga Sancin.


How to Choose the Right WordPress Theme for Your Site

According to W3Techs, WordPress is the most popular content management system out there, powering more than 30% of the world’s websites. Part of WordPress’s popularity is due to how many themes there are to choose from, and how easily you can change the look of your site without needing help from a developer.

Jetpack takes this ease of use a step further by offering everyone more than 150 free themes, and more than 200 premium themes to Professional plan subscribers. This not only allows you to preview each one, but you can even search for themes with specific features.

But with so many great themes available, it can be hard — sometimes really hard — to pick just one. How do you choose the one that’s best for your site?

Today, we’ll review what you should look for in a theme when picking from the very best that the world of WordPress has to offer.


5 Steps to Create the Perfect Restaurant Website with Jetpack

A strong restaurant website is important for anyone who owns an eatery. After all, many people research restaurants online before deciding where to go. But you may not know exactly how the site you’re building can draw more people into your actual restaurant.

Jetpack offers a host of themes cooked up especially for restaurants. Coupled with the Contact Info widget and other great features, you’ll give customers the information they need to decide just how soon they should reserve a table at your place.

Read on to learn how WordPress and Jetpack can help you create the perfect restaurant website in five easy steps.
