The ‘WordPress’ fight is now a lawsuit

image via theverge.com
image via theverge.com

The WP Engine web hosting service is suing WordPress co-founder Matt Mullenweg and Automattic for alleged libel and attempted extortion, following a public spat over the WordPress trademark and open-source project. In the federal lawsuit filed on Wednesday, WP Engine accuses both Automattic and its CEO Mullenweg of “abuse of power, extortion, and greed,” and said it seeks to prevent them from inflicting further harm against WP Engine and the WordPress community.

https://www.theverge.com/2024/10/3/24261016/wordpress-wp-engine-lawsuit-automattic-matt-mullenweg

WordPress.org bans WP Engine, blocks it from accessing its resources | TechCrunch

image via techcrunch.com
image via techcrunch.com

WordPress drama went up another notch on Wednesday after WordPress.org banned hosting provider WP Engine from accessing its resources. “WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase. Their servers can no longer access our servers for free."

https://techcrunch.com/2024/09/25/wordpress-org-bans-wp-engine-blocks-it-from-accessing-its-resources/

WordPress plugin flaw puts ‘millions of websites’ at risk

image via theregister.com
image via theregister.com

WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (XSS) attacks. Essentially, it allows someone to run JavaScript within another person's view of a page, allowing the attacker to do things like steal information from the page, perform actions as the user, and so on. That's a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.

https://www.theregister.com/2023/05/08/wordpress_plugin_vulnerability/?td=rt-3a