Woo Wednesday July 3, 2024

Woo Wednesday Online Meetup at Noon Pacific Time

Join At: Meetup.com

Other Upcoming Meetups (Pacific Time)

Dallas/Fort Worth WordPress: Event Page, Featuring Eric L.

WORDPRESS HELP-DESK SUPPORT: List of WP Meetup Groups – By Eagle

West Orlando WP – First Friday Collaboration Meetup: July 5th @ 7:00 am

Santa Cruz/San Jose WP – Help Desk: July 5th @ 6:00 pm

Midcities WP – Round Table Discussion: July 6th @ 11:00 am

Cambridge WP – Patterns, Templates & Custom CSS: July 8th @ 11:00 am

San Diego WP – Monthly Help Desk Meetup: July 8th @ 6:00 pm

Learn WP – Editor unification & extensibility in WP 6.6: July 9th @ 8:00 am

Woo News

Current WooCommerce version is 9.0.2

From the Woo Developer Blog, by Jacklyn Biggin

“WooCommerce 9.0 and 9.0.1 broke backwards compatibility with some stores that used decimal and thousand separators when entering their flat rate shipping cost. Specifically, stores with shipping cost that used both thousand and decimal separators would calculate shipping rates incorrectly, as shared in our previous developer advisory.

This dot release – 9.0.2 – fixes this issue by restoring the previous behaviour.”

Word News

WordPress 6.5.5 Security Release

From WordPress.org, by Aaron Jorbin

Security updates included in this release:

  • A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team, along with Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
  • A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
  • A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.

WordPress 6.6 RC2

From WordPress.org, by marybaum

“This version of the WordPress software is under development. Please do not install, run, or test this version of WordPress on production or mission-critical websites. Instead, please evaluate RC2 on a test server or a local environment.

The target for the WordPress 6.6 release is July 16, 2024. Get an overview of the 6.6 release cycle, and check the Make WordPress Core blog for 6.6-related posts in the next few weeks for further details.”

Want to look deeper into the details and technical notes for this release? You might want to make your first stop The WordPress 6.6 Field Guide. Then, check out this list:

WordPress Takes A Bite Out Of Plugin Attacks

From Search Engine Journal, by Roger Montti

“WordPress announced over the weekend that they were pausing plugin updates and initiating a force reset on plugin author passwords in order to prevent additional website compromises due to the ongoing Supply Chain Attack on WordPress plugins.”

Plugins on WordPress.org backdoored in supply chain attack

From Bleeping Computer, by Bill Toulas

“A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them.

The attack was discovered by the Wordfence Threat Intelligence team yesterday, but the malicious injections appear to have occurred towards the end of last week, between June 21 and June 22.”

Together, the five plugins have been installed on more than 35,000 websites:

  • Social Warfare 4.4.6.4 to 4.4.7.1 (fixed in version 4.4.7.3)
  • Blaze Widget 2.2.5 to 2.5.2 (fixed in version 2.5.4)
  • Wrapper Link Element 1.0.2 to 1.0.3 (fixed in version 1.0.5)
  • Contact Form 7 Multi-Step Addon 1.0.4 to 1.0.5 (fixed in version 1.0.7)
  • Simply Show Hooks 1.2.1 to 1.2.2 (no fix available yet)

“Wordfence notes that it does not know how the threat actor managed to gain access to the source code of the plugins but an investigation is looking into it.

Although it is possible that the attack impacts a larger number of WordPress plugins, current evidence suggests that the compromise is limited to the aforementioned set of five.”

Free Resources

Pencil2D Animation

“An easy, intuitive tool to make 2D hand-drawn animations.”