(2)
New plugin maintains WordPress authoring experience while delivering better site performance and security
BERKELEY, Calif., Feb. 10, 2021, Inc., creators of the GatsbyJS open-source project, today announced general availability of the Gatsby Plugin for WordPress. The Plugin is available for download and is fully supported in Gatsby Cloud. Using Gatsby as the frontend and WordPress as the backend CMS, organizations can increase onsite conversions and purchases by securely delivering great visitor experiences. Gatsby as a frontend delivers much better performance than traditional WordPress sites while retaining the familiar WordPress authoring experience for content editors. For organizations with complex websites, Gatsby can deliver richer, more complex, integrated web experiences that combine content from WordPress and other CMSs and web services.
minute read
Share this article:
Two security vulnerabilities one a privilege-escalation problem and the other a stored XSS bug afflict a WordPress plugin with 40,000 installs.
Two vulnerabilities (one critical) in a WordPress plugin called Orbit Fox could allow attackers to inject malicious code into vulnerable websites and/or take control of a website.
Orbit Fox is a multi-featured WordPress plugin that works with the Elementor, Beaver Builder and Gutenberg site-building utilities. It allows site administrators to add features such as registration forms and widgets. The plugin, from a developer called ThemeIsle, has been installed by 400,000+ sites.
According to researchers at Wordfence, the first flaw (CVEs are pending) is an authenticated privilege-escalation flaw that carries a CVSS bug-severity score of 9.9, making it critical. Authenticated attackers with contributor level access or above can elevate themselves to administrator status and potentially take