Sun with sun glasses clip art

Woo Wednesday July 10, 2024

Woo Wednesday Online Meetup at Noon Pacific Time

Join At: Meetup.com

Other Upcoming Meetups (Pacific Time)

Dallas/Fort Worth WordPress: Event PageFeaturing Eric L.

WORDPRESS HELP-DESK SUPPORT: List of WP Meetup Groups – By Eagle

S.C.C. WP – Take Your WordPress Site to the Next Level! July 10th @ 7:00 pm

West Orlando WP – Second Thursday Meetup: July 11th @ 9:30 am

Accessibility WP – Real-Time Web Registry Services: July 11th @ 8:00 am

C d’A/Spokane WP – WordPress Discussion & Help Desk: July 11th @ 6:00 pm

I.E.W.P – Monthly Help Desk: July 11th @ 7:00 pm

Portland WP – Monthly Help Desk: July 13th @ 10:00 am

South Sound WP – Help Desk & Hacking: July 13th @ 10:00 am

Houston Woo – Monthly Meeting: July 15th @ 5:00 pm

Accessibility WP – Which Page Builder is Best at Accessibility: July 15th @ 5:00 pm

Portland WP – All about Hosting: July 15th @ 6:00 pm

Hartford WP – WordPress Summer School – Session 2: July @ 3:00 pm

Toronto WP – Let’s Fix Your Website: July 16th @ 3:30 pm:

Woo News

Woo Commerce Image

Current WooCommerce version is 9.0.2

From the Woo Developer Blog, by Jacklyn Biggin

“WooCommerce 9.0 and 9.0.1 broke backwards compatibility with some stores that used decimal and thousand separators when entering their flat rate shipping cost. Specifically, stores with shipping cost that used both thousand and decimal separators would calculate shipping rates incorrectly, as shared in our previous developer advisory

This dot release – 9.0.2 – fixes this issue by restoring the previous behaviour.

July Office Hours: Open Forum & APAC Hours

From the Woo Developer Blog, by Shani Banerjee

US/EUROPE: Wednesday July 17, 2024 16:00 – 17:00 UTC (12:00PM New York, 18:00PM Berlin)

APAC: Wednesday July 24, 2024 02:00-03:00 UTC (7:30AM Bengaluru, 10:00AM Kuala Lumpur)

WooCommerce Statistics [2023 Updated Data]

From Tech Report by Susan Laborde

“People rely on WooCommerce to create many e-commerce sites today. According to the data, WooCommerce powers more than 6.5 million websites. And why not? It is fast and easy to use, offering users a wide range of features. Apart from the features and benefits, there are many things about the WooCommerce platform that you most likely don’t know about. We have packed them all in this article to help you understand how important it is now and expert projections for its growth in the future.”

“The number of free WooCommerce Plugins is about 4,600. About 39% of the eCommerce global market share belongs to WooCommerce. More than 6.3 million websites use WooCommerce. About half of the website WooCommerce has used is in the US. WooCommerce made over $20 billion from sales in 2020. About 28% of the biggest 1 million eCommerce websites use WooCommerce. There are about 67 languages in WooCommerce. About 93.7% of the websites on WordPress use WooCommerce. WooCommerce average monthly visitors is 2.5 million. WooCommerce had about 162 million downloads in January 2021. WooCommerce has a 52.26% organic traffic. Astra is the most popular WooCommerce theme. WooCommerce had over 3.9 million downloads in one day in 2021. The revenue of WooCommerce exceeds many countries. WooCommerce is the second fastest-growingCMS in the world.”

How to plan for Black Friday and why you should start now

From the General Woo Blog, By Elizabeth Rosselle

“Black Friday and Cyber Monday are still months away, but it’s never a bad idea to plan in advance for the biggest shopping weekend of the year. Adobe Analytics reports that Black Friday online sales surged almost 7.5% last year up to $9.8 billion, and this year looks to be no different.

That means now is the perfect time to start generating buzz around your products and upcoming deals. Then, once Black Friday is here, your company will be top of mind when your customers are looking for the best sales.”

Word News

Image of Regina Carter

WordPress 6.5.5 Security Release

From WordPress.org, by Aaron Jorbin

Security updates included in this release:

  • A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team, along with Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
  • A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
  • A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.

WordPress 6.6 RC3

From WordPress.org, by marybaum

Get a recap of WordPress 6.6’s highlighted features in the Beta 1 announcement. For more technical information related to issues addressed since RC 2, you can browse the following links:

Want to look deeper into the details and technical notes for this release? You might want to make your first stop The WordPress 6.6 Field Guide. Then, check out this list:

This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, please evaluate RC2 on a test server or a local environment.

The target for the WordPress 6.6 release is July 16, 2024. Get an overview of the 6.6 release cycle, and check the Make WordPress Core blog for 6.6-related posts in the next few weeks for further details.”

Hackers target WordPress calendar plugin used by 150,000 sites

From Bleeping Computer, by Bill Toulas

“Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely.

The plugin is developed by Webnus and is used to organize and manage in-person, virtual, or hybrid events.

The vulnerability exploited in attacks is identified as CVE-2024-5441 and received a high-severity score (CVSS v3.1: 8.8). It was discovered and reported responsibly on May 20 by Friderika Baranyai during Wordfence’s Bug Bounty Extravaganza.”

WordPress Nested Pages Plugin High Severity Vulnerability

From Search Engine Journal, by Roger Montti

“The U.S. National Vulnerability Database (NVD) and Wordfence published a security advisory of a high severity Cross Site Request Forgery (CSRF) vulnerability affecting the Nested Pages WordPress plugin affecting up to +100,000 installations. The vulnerability received a Common Vulnerability Scoring System (CVSS) rating of 8.8 on a scale of 1 – 10, with ten representing the highest level severity.”

Shreds.AI Successfully Rebuilds WordPress Code in Less Than 24 Hours

From Business Wire

“Shreds.AI not only transformed the code from PHP to Java but also modernized the entire WordPress architecture using the latest technology standards.”

The Plugin “Genesis Blocks” has been temporarily removed from wordpress.org

From the WordPress Repository

“This plugin has been closed as of July 8, 2024 and is not available for download. This closure is temporary, pending a full review.”

WordPress Plugins at Risk From Polyfill Library Compromise

From Info Security Magazine, by Alessandro Mascellino

“WordPress plugins are currently facing significant security risks due to a recent discovery detailed in a security advisory published by Patchstack today. 

The advisory references a Polyfill supply chain attack initially reported on June 25 by Sansec. This attack targets Polyfill.js, a widely used JavaScript library that enables modern functionality on older web browsers lacking native support.

According to both companies’ findings, the attack exploits vulnerabilities in the polyfill.io domain, which Funnull, a China-based entity, recently acquired.

Malicious JavaScript code was injected into the library hosted on this domain, posing severe risks such as cross-site scripting (XSS) threats. These vulnerabilities could potentially compromise user data and redirect visitors to malicious websites, including fraudulent sports betting platforms.”

Grid Layouts, curate the Editor experience, WordPress 6.6 — Weekend Edition 298

From the Gutenberg Times

“This Weekend Edition has quite a few videos linked on what’s coming in WordPress 6.6, on Grid layouts, and Interactivity API. Something for everyone. To learn about new features and grasp their impact, it’s much easier to see them demo’ed in a video setting or screen share than just learn about it via a blog post or a podcast.”

Free Resources

CMP – Coming Soon & Maintenance Plugin by NiteoThemes

“MP – Coming Soon & Maintenance plugin has all premium features you ever wished for, and it is free! It is also super fast and user friendly. You can activate your Maintenance, Coming soon(under construction) or a Landing page with a single click. Customizable in many ways – you can select a layout from predefined Themes, set custom logo, background graphics (including YouTube videos or Unsplash images), custom text or graphic content, subscribe form, social networks icons, change typography, colors, SEO, and many more.

Packed with functions like Whitelist/Blacklist to enable CMP only on specific pages, User Roles Management, custom URL Bypass, Translation strings, custom Subscribers option and many more you would not believe it is free. No ADS too, guaranteed!”