WP Fastest Cache Patches Authenticated SQL Injection and Stored XSS Via CSRF Vulnerabilities

The Jetpack Scan team has published a summary of two issues recently discovered in the WP Fastest Cache plugin – an Authenticated SQL Injection vulnerability and a Stored XSS Via CSRF vulnerability. “If exploited, the SQL Injection bug could grant attackers access to privileged information from the affected site’s database (e.g., usernames and hashed passwords),” Automattic …

Yoast and Google-Sponsored Core Contributors Propose New WordPress Performance Team

Yoast and Google-sponsored WordPress core contributors are proposing the project add a Performance team to improve core performance as measured by Google’s Web Vitals metrics. “Users expect and prefer fast experiences (consciously or otherwise),” Yoast-sponsored full-time core contributor Ari Stathopoulos said. “Research shows that fast websites can provide a better user experience, increase engagement, benefit …

Hacktoberfest Adds GitLab Support, Updates Participation Requirements to Combat Open Source Project Spam

The 8th annual Hacktoberfest is underway with a few important changes this year. Hacktoberfest, a virtual event sponsored by DigitalOcean and community partners, has traditionally encouraged open source contribution during the month of October by rewarding participants with a t-shirt for submitting pull requests. The initiative has added support for participation on GitLab this year, …