All sites now updated to WordPress 5.x

We had initially held off on updating some sites to WordPress 5.x due to concerns about potential problems with the new Gutenberg editor and questions about compatibility with some older themes.

We’re happy to announce that all sites we manage have now been updated. Many sites are currently set up with the Classic Editor plugin, which allows you to continue to write posts and pages in the way that you’re familiar with. We recommend that you familiarize yourself with the new Gutenberg editor by temporarily deactivating the Classic Editor plugin and giving Gutenberg a try. Classic editing will only be supported for about 2 years.

Learn more about Gutenberg here:

https://wordpress.org/gutenberg/handbook/

and here:

https://www.codeinwp.com/blog/wordpress-gutenberg-guide/

Social Warfare plugin flaws allow both Cross-Site Scripting and Remote Code Execution

A zero-day exploit was recently discovered for the popular Social Warfare plugin; the underlying flaws allow both Cross-Site Scripting and Remote Code Execution. The Remote Code Execution problem was found by security researchers as they examined the code behind the initial attack. Both problems have been fixed in the most recent release.

This is a good example of why we update plugins (and themes and WordPress core code) as soon as a new version is released.

What does that all mean?

A zero-day exploit generally refers to a security hole in some software which someone, somewhere has found, but which the software developers don’t know about yet. The developers have literally had zero days to fix it.

Cross-Site Scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.

Remote Code Execution is the ability to trigger code execution over a network. In the case of exploits, the code is malicious code which is placed on the site by the hacker.

https://en.wikipedia.org/wiki/Cross-site_scripting

https://www.wordfence.com/blog/2019/03/unpatched-zero-day-vulnerability-in-social-warfare-plugin-exploited-in-the-wild/

https://www.wordfence.com/blog/2019/03/recent-social-warfare-vulnerability-allowed-remote-code-execution/