WooCommerce Logo

June 19, 2024 Woo Wednesday

Woo Wednesday Online Meetup at Noon Pacific Time

Join Up At: Meetup.com

Other Upcoming Meetups (Pacific Time)

Dallas/Fort Worth WordPress: Event PageFeaturing Eric L.

WORDPRESS HELP-DESK SUPPORT: List of WP Meetup Groups – By Eagle

Bakersfield WP – Virtual WordPress Wednesday: June 19th @ 7:00 pm

Learn WP – How to install WP on an Ubuntu VPS: Apache edition: June 20th @ 5:00 am

West Orlando WP – Streamlining WP For Scalable Websites: June 20th @ 3:00 pm

Philadelphia WP – Maintaining Nonprofit Website Journey: June 20th @ 4:00 pm

San Jose/Santa Cruz WP – News & Help Desk: June 20th @ 6:00 pm

Maui WP – Monthly Meetup: June 20th @ 8:00 pm

Cincinnati WP – Working Lunch: June 21st @ 9:00 am

Hudson Valley Can Code – Build With AI, Fine Tuning Gemini: June 22nd @ 6:00 am

Learn WP – What’s new for theme developers in WP 6.6: June 25th @ 8:00 am

Calgary WP – WordPress Foundations: June 25th @ 6:00 pm

Woo News

Woo Commerce Image

Current WooCommerce version is 9.0

At the WordPress Repository

WooCommerce 9.0: Our most accessible checkout and much more

From the Woo Developer Blog, by pia8c

WooCommerce 9.0 Has been released on June 18, 2024. This post highlights what’s new in this version of WooCommerce.

Introducing coming soon mode

From the Woo Developer Blog, by Adrian Duffell

“In WooCommerce 9.1, scheduled for July 9, 2024, we plan to introduce a new coming soon mode to allow new store owners to build their store in private, as well as new onboarding tooling to provide guidance at the time of launch.”

Vulnerabilities In WooCommerce And Dokan Pro Plugins

From Search Engine Journal, by Roger Montti

“WooCommerce published an advisory about an XSS vulnerability while Wordfence simultaneously advised about a critical vulnerability in a WooCommerce plugin named Dokan Pro. The advisory about Dokan Pro warned that a SQL Injection vulnerability allows unauthenticated attackers to extract sensitive information from a website database.”

“Wordfence has indicated to SEJ that the free version of the plugin, Dokan Lite is not affected.”

“The Dokan Pro plugin allows user to transform their WooCommerce website into a multi-vendor marketplace similar to sites like Amazon and Etsy. It currently has over 50,000 installations Plugin versions up to and including 3.10.3 are vulnerable.”

“According to WordFence, version 3.11.0 represents the fully patched and safest version.

WordPress.org lists the current number of plugin installations of the lite version at over 50,000 and a total all-time number of installations of over 3 million. As of this moment only 30.6% of installations were using the most up to date version, 3.11.”

Multiple security vulnerabilities have been found in the WooCommerce Amazon Affiliates (WZone) plugin, according to Patchstack.

From InfoSecurity Magazine, by Alessandro Mascellino

“This premium WordPress plugin, developed by AA-Team and boasting over 35,000 sales, is designed to assist site owners and bloggers in monetizing their websites via the Amazon affiliate program. 

The vulnerabilities identified are serious, impacting all tested versions, including version 14.0.10 and potentially those from version 14.0.20 onward.

One of the critical issues is an authenticated arbitrary option update vulnerability, assigned CVE-2024-33549. This flaw enables authenticated users to update arbitrary WP options, potentially leading to privilege escalation. This vulnerability, which remains unpatched, could allow attackers to gain higher-level access to the WordPress site, posing significant security risks.

Additionally, the Patchstack study found two types of SQL injection vulnerabilities, both unauthenticated and authenticated SQL injection, assigned CVE-2024-33544 and CVE-2024-33546, respectively.”

The Future of Crypto Payments for Startups

From Crypto News Flash, by Alex Morrison

“Looking ahead, cryptocurrency payments will become increasingly crucial to the startup environment. This article examines the benefits of cryptocurrency payments for businesses and how to incorporate them into company operations successfully.”

Cryptocurrencies have proliferated from the periphery of banking to the mainstream, promising decentralization, security, and efficiency. Cryptocurrency payments can open up new prospects and simplify financial procedures for startups, which live on creativity and speed. 

As the world market grows more digital and linked, cryptocurrency payments provide a means of reaching a wider audience, cutting expenses, and improving security. Let us examine the reasons behind the future of cryptocurrency payments for businesses and how to make the most of this technology.”

Word News

Image of Regina Carter

WordPress 6.5.4 Maintenance Release

From WordPress.org, by Aaron Jorbin

WordPress 6.5.4 is a short-cycle release. The next major release will be version 6.6 planned for July 2024.”


“This minor release features 5 bug fixes in Core. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

WordPress 6.6 Beta 3

From WordPress.org, by marybaum

This beta version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites—you risk unexpected results if you do.”

SEO pros and cons of HubSpot vs. WordPress vs. Webflow

From Search Engine Land, by Adam Tanguay

Google cares about whether:

  • Pages load quickly.
  • Content is updated or optimized effectively.
  • The site breaks or goes down. 

All of those platforms should be able to help you build a site that is in good standing with Google. The devil is in the details and how they align with your team’s goals, needs and strengths.

I use three buckets of criteria to help people land on their best choice:

  • Flexibility: In essence, the ability to build and add features and content. Put another way, is it more open or closed? 
  • Ease of use: Does it provide a lot of handy shortcuts or is there more manual work involved? And how easy is it to find resources?
  • Security and reliability.

Let’s examine each of those a little closer – specifically, how the platforms differ. 

Seattle Public Library Website & Ebook Lending Down Following Ransomware Attack

From GIZMODo, by Matt Novak

“The Seattle Public Library has been hit by a “ransomware event” that’s impacted several systems, including ebook lending and the library’s website, according to a new report from the WordPress blog maintained by the library. But the library’s physical collection of books, CDs, and DVDS, are all still available to patrons who visit.

While the issue is being described as a ransomware “event,” it’s not immediately clear what data has potentially been compromised or who might be behind the intrusion. Ransomware hackers typically gain access to systems and either lock up crucial data or threaten to leak sensitive information unless payment is made to the intruders.”

US sues Adobe for ‘deceiving’ subscriptions that are too hard to cancel

From the Verge, by Emma Roth

Summary of the Post, which can be found here: 

  • US Government Lawsuit: The DOJ is suing Adobe for allegedly hiding expensive fees and making subscription cancellations difficult.
  • Hidden Terms: Adobe is accused of enrolling users in its most lucrative plans without clear disclosure, hiding terms in fine print and behind hyperlinks.
  • Early Termination Fees: Consumers face unexpected fees upon cancellation, which can amount to hundreds of dollars.
  • Complicated Cancellation Process: The DOJ claims Adobe’s process involves navigating multiple webpages and pop-ups, deterring customers from canceling.
  • Phone and Chat Issues: Similar difficulties are reported for phone and live chat cancellations, with calls dropping and requiring re-explanation.
  • Targeted Executives: The lawsuit names Adobe executives Maninder Sawhney and David Wadhwani for their roles in these practices.
  • FTC Criticism: Samuel Levine of the FTC criticizes Adobe for trapping customers with hidden fees and cancellation hurdles.

Adobe switched to a subscription model in 2012, frustrating many users. Recent controversies include backlash over new AI training terms and a failed Figma acquisition due to antitrust concerns.

Google Business Profile: How to Completely Optimize Your GBP Listing

From Search Engine Journal, by Sam Hollingsworth

“Use this guide to optimize your Google Business Profile for better search visibility on relevant queries by motivated customers near you.”

Free Resources

Streamlabs

Live streaming software for everyone