WordPress.org bans WP Engine, blocks it from accessing its resources | TechCrunch

image via techcrunch.com
image via techcrunch.com

WordPress drama went up another notch on Wednesday after WordPress.org banned hosting provider WP Engine from accessing its resources. “WP Engine wants to control your WordPress experience, they need to run their own user login system, update servers, plugin directory, theme directory, pattern directory, block directory, translations, photo directory, job board, meetups, conferences, bug tracker, forums, Slack, Ping-o-matic, and showcase. Their servers can no longer access our servers for free."

https://techcrunch.com/2024/09/25/wordpress-org-bans-wp-engine-blocks-it-from-accessing-its-resources/

WordPress plugin flaw puts ‘millions of websites’ at risk

image via theregister.com
image via theregister.com

WordPress users with the Advanced Custom Fields plugin on their website should upgrade after the discovery of a vulnerability in the code that could open up sites and their visitors to cross-site scripting (XSS) attacks. Essentially, it allows someone to run JavaScript within another person's view of a page, allowing the attacker to do things like steal information from the page, perform actions as the user, and so on. That's a big problem if the visitor is a logged-in administrative user, as their account could be hijacked to take over the website.

https://www.theregister.com/2023/05/08/wordpress_plugin_vulnerability/?td=rt-3a