Feed your WordPress Demons!
WordPress 2.7 beta has finally been released. There is no question that WordPress 2.7 is going to be a significant step up over the current 2.6 we have at hand, but it will take time for the WordPress folks to release the new edition to the public.
The bugs with wp-mail and autosave have been fixed along with a bunch of other small fixes. Here is a complete list of changes.
{ 0 comments }
Continue ReadingThe good folks at WordPress have just released a new security patch for WordPress platform (WP 2.6.3). Here is the deal:
A vulnerability in the Snoopy library was announced today. WordPress uses Snoopy to fetch the feeds shown in the Dashboard. Although this seems to be a low risk vulnerability for WordPress users, we wanted to get an update out immediately.
For those of you who are a bit more technical:
This can be exploited to inject arbitrary shell commands via a script calling the “fetch()” or “submit()” function with an URL controlled by the attacker.
This is a highly critical security item, so you should download yours as soon as possible.
{ 0 comments }
Continue ReadingWordPress is the undisputed king of content management systems out there and more than 70% of blogs use WordPress as their underlying platform. WordPress is easy to use, convenient, and easy to enhance. In fact, many programmers have put their time and effort to produce plugins for free for everyone to use. However, int the theme market it’s a different story. While many WordPress designers have put their time to design simple and easy to use themes, the premium market is always the place people look for for the best WordPress designs. The premium WordPress themes are in general come with single and unlimited licenses and cost from $20 to $500, depending on the quality of the theme.
But it seems now a few top designers are planning to offer their themes for free to public to show their dedication to the open source movement. I always thought that giving themes away for free in return for a text link is generally well worth it, but opening up the source for everyone to make changes can only make the WordPress community better. I don’t know how successful this effort will be, but it is something worth watching out for.
{ 0 comments }
Continue Reading
We had a post about TV.Elements a few weeks ago as we evaluated this excellent video blogging premium theme. TV.Elements 2.0 is significantly improved and now comes in black and white, which means you are pretty much getting two designs for the price of one. The price has stayed the same which is a big plus, but now you can do normal blogging in addition to Videoblogging. Who can beat that?
We’ll post a full review on TV.Elements 2.0 soon. In the meantime, don’t forget to read our review of the earlier version to get a taste.
{ 0 comments }
Continue Reading
The march towards WordPress 2.7 continues with the release of WordPress 2.6.2. The good people at WordPress are working very hard to keep the system clean and safe for all the bloggers. The new release however is released to help bloggers who allow registrations on their accounts to take advantage. Here is why you should upgrade:
With open registration enabled, it is possible in WordPress versions 2.6.1 and earlier to craft a username such that it will allow resetting another user’s password to a randomly generated password. The randomly generated password is not disclosed to the attacker, so this problem by itself is annoying but not a security exploit. However, this attack coupled with a weakness in the random number seeding in mt_rand() could be used to predict the randomly generated password.
Pretty nasty, isn’t it? With all these hackers out there to comprosie popular blogs, you should definitely keep up with your updates to avoid major issues. You can download WordPress 2.6.2 here.
{ 0 comments }
Continue Reading
