You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Alice Orru, from Sardinia, Italy. Alice Orru was born in Sardinia, an […]
Archive for security
September has been a particularly busy month in the WordPress community—a lot of important work has been done as everyone in the project works towards an upcoming major release. Read on to find out more about this and everything else that has been going on over the past month. WordPress 5.2.3 Security and Maintenance Release […]
WordPress 5.3 Beta 2 is now available! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.3 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
The end of the 2019 WebPros Summit has come, and it was an event for the books. We have enjoyed getting to spend time with all of you, and cannot wait to do this again next year! We owe huge thanks to all of our attendees, sponsors, and exhibitors. We strive to put on the best event we possibly can for you, and joining us for these past few days is incredibly worth it. A big …
[20190901] – Core – XSS in logo parameter of default templates
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 3.0.0-3.9.11
- Exploit type: XSS
- Reported Date: 2019-August-28
- Fixed Date: 2019-September-24
- CVE Number: CVE-2019-16725
Description
Inadequate escaping allowed XSS attacks using the logo parameter of the default templates.
Affected Installs
Joomla! CMS versions 3.0.0 – 3.9.11
Solution
Upgrade to version 3.9.12
Contact
The JSST at the Joomla! Security Centre.
WordPress 5.3 Beta 1 is now available! This software is still in development, so we don’t recommend running it on a production site. Consider setting up a test site to play with the new version. You can test the WordPress 5.3 beta in two ways: Try the WordPress Beta Tester plugin (choose the “bleeding edge […]
“I dare somebody to go to Atlanta and not have a good time” -Bryan Tyree Henry WebPros Summit 2019 is here. We’re on the road and in Atlanta, Georgia. This year promises to be the most exciting and diverse conference yet. If you haven’t done so, make sure you head on over to the WPS 2019 website to register and come join us! Nestled in the northern portion of the great southern state of Georgia …
#WebProsSummit19 Guest Blog: Halon Security
Halon Security, a Swedish company with offices overlooking the beautiful city of Gothenburg, Sweden, is proud to be sponsoring the WebPros Summit 2019 in Atlanta, Georgia! While we’ve partnered with cPanel and sponsored conferences in the past, this year has special significance for us; taking part in the very first WebPros Summit in Atlanta, Georgia! Regardless if you are a hosting provider or managed service provider, secure email is undoubtedly an integral part of your …
The phrase “open source” has been in use much longer than you think, popping up as early as Thomas Willis’ 1685 piece, The London Practice of, Or The Whole Practical Part of Physick, describing in medical terminology how a wound behaves. The modern usage of the phrase is a bit newer and has become the appropriate descriptor for a software product that gives the user permission to add/remove/change its source code, design, or contents. From casual …
Note from benny: WebPros Summit is an annual gathering of the web hosting community, and we want everyone to stay secure online for this year’s event. That’s why we’ve partnered with WLVPN to provide free VPN service to all of this year’s attendees. Here’s everything you need to know. WLVPN is here to keep you and your customers safe by protecting your internet privacy. We’re proud to be the official VPN sponsor of WebPros Summit. …
You’ve probably heard that WordPress is open-source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Abdullah Ramzan, from Lahore, Punjab, Pakistan. Abdullah Ramzan was born and brought […]
WordPress 5.2.3 Security and Maintenance Release
WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions […]
#WebProsSummit19 Guest Blog: LiteSpeed Technologies
This is the first in a series of guest blogs around the 2019 Web Pros Summit. Please welcome Kacey Schroeder from LiteSpeed Technologies. LiteSpeed Technologies is honored to be a sponsor of WebPros Summit 2019 and long-term partners with cPanel. We first began collaborating with cPanel with the release of our original WHM plugin in 2013. cPanel introduced official support for LiteSpeed Web Server in 2014, as the only official third-party supported web server. This …
This has been a particularly busy month, with a number of interesting and ambitious proposals for the WordPress project along with active progress across the entire community. Core Development and Schedule The upcoming minor release of WordPress, v5.2.3, is currently in the release candidate phase and available for testing. Following that, the next major release […]
When someone is looking for a mechanic, it can be hard to know whom you can trust to do the work using the best practices available for a fair price. Finding a System Administrator often carries some similar challenges. Certifications are one way to show that a Sysadmin is up to date on the best way to secure data and administer servers. cPanel is now offering SafeAdmin certification as a way to appraise a technician’s existing set of skills, representing …
Uniqlo and The Guardian among thousands of sites loading malicious code from S3
Uniqlo’s website transmitted customers’ credit card details to fraudsters for more than a week in May this year, following the addition of e-commerce skimming code. The injected JavaScript code was designed to silently ‘skim’ the completed checkout form and send a copy of the customer’s details to the fraudsters. Thousands more sites have also been […]
If you’ve been to any of our conferences before, chances are you’ve attended Game Night on the final night. WebPros Summit 2019 promises to be the biggest and best conference yet, and we would be remiss in not bringing in the best of the best for arguably the most fun evening event of the Summit. Introducing the reimagined, bigger and badder GAME NIGHT. 21st Century Digital Game As always, we’re bringing in some of the …
Netcraft Extension adds protection against malicious JavaScript
Netcraft has updated its browser extension to add protection against malicious JavaScript, including shopping site skimmers and web miners. Shopping site skimmers are malicious JavaScript programs that steal your payment card information when you checkout on a compromised online store, and send it back to a fraudster to use later. These attacks have affected a […]
Upcoming Changes to Let’s Encrypt Plugin
Earlier this year, Let’s Encrypt announced the end of life (EOL) plan for their original API. Starting this November, they will no longer allow new account registrations through the original API. After the original API reaches EOL, new account registrations must use Let’s Encrypt’s new API. Because of this, cPanel is migrating its Let’s Encrypt plugin to use that new API instead of the old API. Why change now? If we do not update our plugin, we …
Need help asking your boss to attend WebPros Summit?
The upcoming WebPros Summit 2019 is almost upon us! In talking with different members of the community, a common theme pops up from those who want to attend. “How do I convince my boss/company/employer that we/I should attend the WebPros Summit?” Never fear, we have a solution for you! Take this handy pre-formatted letter and simply replace the text that goes in [these boxes]. There’s plenty of value to attending the Summit this year, and …
[20190801] – Core – Hardening com_contact contact form
- Project: Joomla!
- SubProject: CMS
- Impact: Moderate
- Severity: Low
- Versions: 1.6.2 – 3.9.10
- Exploit type: Incorrect Access Control
- Reported Date: 2019-April-09
- Fixed Date: 2019-August-13
- CVE Number: CVE-2019-XXXXX
Description
Inadequate checks in com_contact could allow mail submission in disabled forms.
Affected Installs
Joomla! CMS versions 1.6.2 – 3.9.10
Solution
Upgrade to version 3.9.11
Contact
The JSST at the Joomla! Security Centre.
You’ve probably heard that WordPress is open source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Amanda Rush from Augusta, Georgia, USA. Amanda Rush is a WordPress […]
Summit /ˈsəmət/ (noun) - the highest level or degree attainable; the highest stage of development. This year the cPanel Conference is being transformed into the WebPros Summit. With the addition of cPanel to the WebPros family of companies, the natural progression for our annual conference was a combined conference. Partnering with the communities of Plesk, WHMCS, and SolusVM will increase the size and impact that an annual hosting conference has. Enter WebPros Summit 2019. With the power …
…in the great state of Texas, a software company offered unto its subjects a Feature Request Site where they could submit their feedback about the products it worked so diligently to create and support. This site was launched in October 2012 to great fanfare and fingers flew across keyboards from across all the lands as requests were submitted. Each person was allotted votes they could use to make their greatest wishes for cPanel known, …
This month has been characterized by exciting plans and big announcements – read on to find out what they are and what it all means for the future of the WordPress project. WordCamp Asia Announced The inaugural WordCamp Asia will be in Bangkok, Thailand, on February 21-23, 2020. This will be the first regional WordCamp […]
Today we announced a new partnership with our friends over at CloudLinux. Anyone who is gearing up to migrate from CentOS 6 to CentOS 7 (and again from CentOS 7 to CentOS 8 in a few years) can now consider another option! cPanel & WHM Version 86: The last version to support CentOS 6 We are planning on carrying support for CentOS 6 until the next LTS version of cPanel & WHM, Version 86. Only one version …
Back in April, we released an experimental version of NGINX into the wild for cPanel users at large to test and play around with. The feedback we’ve received from you, the cPanel Community, has been great! For those of you that have been using the experimental version of NGINX, there have been several add-on features that have been requested we add to NGINX to make it more viable. While we’re still a long ways …
Hi. I’m Tabby. I joined the Community Team at cPanel in March 2019 as a Community Manager. I couldn’t be more excited about it if I tried, and I’ll tell you why; my entire career has led to this role. I’ve done so many weird and disparate things that from the outside, I’m sure when I tell folks that I was an award-winning music educator before I was a Community Manager, it makes no sense …
Netcraft releases anti-phishing extension for Microsoft Edge
The Netcraft Anti-Phishing Extension is now available for Microsoft Edge. The Netcraft Anti-Phishing Extension provides phishing and XSS protection as well as informing you about the websites you visit. It was first made available for Internet Explorer in December 2004, followed by Firefox in 2005, Chrome in 2012 and Opera in 2013. Microsoft Edge is […]
You’ve probably heard that WordPress is open source software, and may know that it’s created and run by volunteers. WordPress enthusiasts share many examples of how WordPress changed people’s lives for the better. This monthly series shares some of those lesser-known, amazing stories. Meet Ugyen Dorji from Bhutan Ugyen lives in Bhutan, a landlocked country […]