Weekly WordPress News: Over 1 Million WordPress Sites at Risk Due to AIOS Plugin Vulnerabilities

The All-In-One Security (AIOS) WordPress plugin from UpdraftPlus publishers provides encryption and firewall measures that aim to prevent hackers. It offers a range of security features, including firewall protection against hacking threats, copyright protection, hotlinking prevention, comment spam blocking, and log-in privacy safeguards to keep hackers out. Additionally, the plugin enforces proactive security by alerting users to frequent errors like using the default “admin” username. AIOS is a comprehensive safety solution that is supported by the reputable makers of UpdraftPlus and is highly regarded for its attributes, with over a million WordPress installations.

However, the US government’s National Vulnerability Database (NVD) recently issued two warnings about vulnerabilities in AIOS. The first vulnerability is due to a failure to escape log files, which is a data sanitization error. The second vulnerability is a path traversing flaw that allows attackers to access forbidden files by exploiting a security breach. Both vulnerabilities require admin-level access to initiate an attack, making it more difficult for the attack to succeed. These foreseeable flaws in a security plugin are concerning, but AIOS has been updated to version 5.1.6 to address them. Users are advised to update to at least version 5.1.6, and preferably version 5.1.7, which also resolves a firewall configuration crash.

// Team WPLift

WORDPRESS NEWS AND ARTICLES

• https://wordpress.org/news/2023/04/episode-53-a-look-at-wordpress-6-2-dolphy/ – Episode 53: A Look at WordPress 6.2 “Dolphy”
• https://wptavern.com/woocommerce-7-6-introduces-single-product-details-block-and-add-to-cart-form-block – WooCommerce 7.6 Introduces Single Product Details Block and “Add to Cart” Form Block
• https://wptavern.com/wordpress-gears-up-for-2nd-women-and-nonbinary-release-squad -WordPress Gears Up for 2nd Women and Nonbinary Release Squad
• https://wptavern.com/wordpress-mobile-apps-get-a-new-support-forum – WordPress Mobile Apps Get a New Support Forum
• https://wptavern.com/wordpress-developers-are-experimenting-with-gutenberg-native-ai-block-and-content-assistants– WordPress Developers Are Experimenting With Gutenberg-Native AI Block and Content Assistants
• https://www.searchenginejournal.com/wordpress-security-plugin-vulnerability/484331/ – WordPress Security Plugin Vulnerability Affects +1 Million Sites
• https://wptavern.com/yoast-seo-20-5-drops-support-for-php-5-6-7-0-and-7-1 – Yoast SEO 20.5 Drops Support for PHP 5.6, 7.0, and 7.1

TUTORIALS AND HOW-TOS

• https://weglot.com/blog/multilingual-blog/ – How to write a successful multilingual blog – Weglot
• https://pluginrepublic.com/woocommerce-cart-upsell/ – Maximising cart upsells on WooCommerce
• https://www.wprssaggregator.com/blog-syndication/– Content Syndication Explained: What It Is & How to Do It – WP RSS Aggregator
• https://www.bizswoop.com/woocommerce-cross-sell/ – Cross Sell & Upsell in WooCommerce: The Basics – BizSwoop
• https://www.wpexplorer.com/smtp-send-emails-wordpress/ – How to Use SMTP to Send Emails From WordPress
• https://www.wpbeginner.com/plugins/how-to-bulk-convert-classic-blocks-to-gutenberg-in-wordpress/ – How to Bulk Convert Classic Blocks to Gutenberg in WordPress
• https://www.codeinwp.com/blog/how-to-create-a-portfolio-website/ – How to Create a Portfolio Website With WordPress

RESOURCES

• https://www.wpbeginner.com/beginners-guide/wordpress-seo-checklist/ – 13-Point WordPress SEO Checklist for Beginners
• https://www.elegantthemes.com/blog/wordpress/best-free-wordpress-hosting– 6 Best Free WordPress Hosting Options for 2023
• https://code.tutsplus.com/tutorials/the-5-best-ides-for-wordpress-development-and-why–cms-28789 – The 5 Best IDEs for WordPress Development (And Why)
• https://www.sitesaga.com/clickfunnels-alternatives/ – 10 Best ClickFunnels Alternatives & Competitors for 2023
• https://yoast.com/breadcrumbs-seo/– What are breadcrumbs? Why are they important for SEO?