
Weekly News: 300,000+ Installations of Catch Themes WordPress Plugins Vulnerable

300,000+ Installations of Catch Themes WordPress Plugins Vulnerable

Cross Site Request Forgery (CSRF)

These vulnerabilities allow any logged-in user, even a subscriber, to perform changes that are usually reserved for WordPress users with the highest editing privileges, like the administrator of the website.
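The class of bug described above is a privileged settings handler that trusts any authenticated request. The following is an added illustration, not code from any Catch Themes plugin: a hypothetical admin-ajax handler that updates a plugin option without a nonce or capability check, followed by a hardened version. All option, action and function names are invented for the example.

```php
<?php
// Added example (hypothetical, not from any Catch Themes plugin).
// wp_ajax_* hooks fire for every logged-in role, including subscriber,
// so a handler registered there must enforce authorization itself.

// Pattern behind the advisory: no nonce check (CSRF) and no capability
// check (any logged-in user), so a subscriber, or a page a logged-in
// user is lured to, can rewrite an admin-only option.
function example_unsafe_save_settings() {
    $value = isset( $_POST['example_setting'] ) ? $_POST['example_setting'] : '';
    update_option( 'example_plugin_setting', $value ); // unauthenticated write
    wp_send_json_success();
}
// (Not registered here; shown only for contrast with the version below.)

// Hardened version: same-origin proof via a nonce plus an explicit
// capability check, and the value is sanitised before it is stored.
function example_safe_save_settings() {
    // Dies with HTTP 403 if the 'nonce' POST field is missing, stale,
    // or was minted for a different action, which blocks cross-site requests.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // Rejects low-privilege callers; manage_options is admin-only by default.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $value = isset( $_POST['example_setting'] )
        ? sanitize_text_field( wp_unslash( $_POST['example_setting'] ) )
        : '';
    update_option( 'example_plugin_setting', $value );
    wp_send_json_success();
}
add_action( 'wp_ajax_example_save_settings', 'example_safe_save_settings' );

// The admin page's script receives the nonce it must send back; only
// markup rendered by WordPress for this user carries a valid token.
function example_enqueue_admin_script() {
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_settings' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_script' );
```

When reviewing a plugin for this bug class, check that every `wp_ajax_*`, `admin_post_*` and REST callback that writes options performs both checks; a nonce alone does not stop a logged-in subscriber, and a capability check alone does not stop CSRF against an administrator.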

Wordfence Reports Vulnerability in Catch Demo Import WordPress Plugin

The Catch Themes Demo Import WordPress plugin was found to have an Arbitrary File Upload Vulnerability.

It’s unclear how severe this specific vulnerability is. The vulnerability was rated by Wordfence as 9.1 on a scale of 1 – 10 and described as Critical. However, the vulnerability was listed on the US government National Vulnerability Database with a rating of 7.2 (High).

Over 300,000 Installations Affected

Ten Most Popular Vulnerable Catch Themes Plugins:

  1. To Top – 80,000 Installations
  2. Essential Content Types – 50,000 Installations
  3. Catch IDs – 40,000 Installations
  4. Catch Web Tools – 20,000 Installations
  5. Social Gallery and Widget – 20,000 Installations
  6. Catch Infinite Scroll – 20,000 Installations
  7. Catch Gallery – 20,000 Installations
  8. Essential Widgets – 20,000 Installations
  9. Catch Instagram Feed Gallery & Widget (Social Gallery and Widget) – 20,000 Installations
  10. Catch Themes Demo Import – 10,000 Installations

Seventeen Catch Themes Vulnerable Plugins:

These are the seventeen plugins reported by WPScan to have a vulnerability that was subsequently patched:

  1. Essential Widgets
    Fixed in version 1.9
  2. To Top
    Fixed in version 2.3
  3. Header Enhancement
    Fixed in version 1.5
  4. Generate Child Theme
    Fixed in version 1.6
  5. Essential Content Types
    Fixed in version 1.9
  6. Catch Web Tools
    Fixed in version 2.7
  7. Catch Under Construction
    Fixed in version 1.4
  8. Catch Themes Demo Import
    Fixed in version 1.6
  9. Catch Sticky Menu
    Fixed in version 1.7
  10. Catch Scroll Progress Bar
    Fixed in version 1.6
  11. Catch Instagram Feed Gallery & Widget (Social Gallery and Widget)
    Fixed in version 2.3
  12. Catch Infinite Scroll
    Fixed in version 1.9
  13. Catch Import Export
    Fixed in version 1.9
  14. Catch Gallery
    Fixed in version 1.7
  15. Catch Duplicate Switcher
    Fixed in version 1.6
  16. Catch Breadcrumb
    Fixed in version 1.7
  17. Catch IDs
    Fixed in version 2.4

Users Recommended to Consider Updating to Latest Plugin Versions

Publishers who use any of the affected Catch Themes plugins and want to avoid the consequences of running vulnerable versions should upgrade to the latest releases now available.

Failure to do so may lead to unnecessary exposure to a hacking event.

Citations

Read WPScan Advisory on Catch Themes Plugins

Multiple Plugins from CatchThemes – Unauthorised Plugin’s Setting Change

Wordfence Advisory of Catch Themes Plugin

Catch Themes Demo Import <= 1.7 Admin+ Arbitrary File Upload

National Vulnerability Database Catch Themes Plugins Advisories

Catch Themes Demo Import WordPress plugin vulnerability CVE-2021-39352 Detail

Source: 300,000+ Installations of Catch Themes WordPress Plugins Vulnerable

Google throttled AMP page speeds, created format to hamper header bidding, antitrust complaint claims

Newly unredacted complaints against Google allege that the search giant’s Accelerated Mobile Pages (AMP), which the company claimed would “dramatically improve” mobile web performance when it launched in 2015, was in fact a scheme to coerce publishers into using the format in order to limit advertising dollars not spent on its own ad exchanges.

The complaint, which is led by the State of Texas on behalf of 12 mostly Republican states, goes so far as to allege Google even throttled the load speed of pages not using AMP in order to give a “nicer comparative boost” to AMP.

“Throttling non-AMP ads slows down header bidding, which Google then uses to denigrate header bidding for being too slow,” it reads. “‘Header Bidding can often increase latency of web pages and create security flaws when executed incorrectly,’ Google falsely claimed. Internally, Google employees grappled with ‘how to [publicly] justify [Google] making something slower,’” according to the complaint.

The lawsuit, which cites internal Google documents, was originally filed on Sept. 9 and was heavily redacted. However, a ruling by a Manhattan judge forced the release of the mostly unredacted version on Friday.

Targeting header bidding. At the center of the issue is header bidding, an advertising practice where publishers can place their ad inventory on numerous ad exchanges at once. It’s a method meant to sidestep Google’s “waterfall” approach to bidding, which often favors Google’s ad servers. Publishers generally like header bidding because of its potential for higher revenue and transparency.

A damning indictment of AMP. The complaint is not wrong that publishers have held a love/hate relationship with AMP. The premise itself goes against publisher instincts. AMP requires us to create versions of our content on servers we do not own using templates we have limited control over. The tradeoff meant improved user experience on mobile and a greater likelihood of showing up in Top Stories, a placement that can yield significant traffic. Using AMP wreaks havoc on internal analytics, too, since it makes it very difficult to track users migrating across a site’s AMP and non-AMP pages.

Source: Google throttled AMP page speeds, created format to hamper header bidding, antitrust complaint claims

WPChill Takes Over Gutenberg Forms, Plans To Shake Up the Free Forms Market

WPChill is now the owner of Gutenberg Forms, a project created by Munir Kamal. While still rough around the edges a year ago, the plugin was updated regularly and was something to at least keep an eye on as it matured. Extendify acquired it alongside Kamal’s Editor Plus and Gutenberg Hub at the end of 2020.

Then, Gutenberg Forms seemed to stall. Since Extendify took over the project, outside of bug fixes, most of the changes revolved around the addition of its commercial template and pattern library. However, the plugin still racked up over 1,000 active installs and a 4.6-star rating.

Cristian Raiber, the CEO of WPChill, said he had discussed acquiring the plugin early on. However, he backed out before closing the deal because his company already owned Kali Forms, a commercial forms solution.

“After a while of not gaining enough market share with Kali Forms, we circled back, and luckily, this time around, Chris Lubkert, the CEO of Extendify, was actually looking for someone to take over the project (adopt it) and keep it going,” he said.

There are no plans to merge the two form solutions. Both plugins serve different markets.

“Kali Forms is a more complex and complete solution whereas Gutenberg Forms just focuses on simpler forms, which also makes it limited in functionality but also in scope,” said Raiber. “There’s a market for people who just need a basic form solution built into Gutenberg, and we just happen to be the new owners of that solution.”

Gutenberg Forms is still in its infancy, and there are many paths the new development team could take. Given enough time and resources, WPChill could shake up the free forms market.

Contact form builder within the WordPress block editor.

Source: WPChill Takes Over Gutenberg Forms, Plans To Shake Up the Free Forms Market

Why Is TikTok So Popular?

A Nielsen study attempts to explain why.

Commissioned by TikTok, the study analyzes data from over 8,000 survey respondents who were asked questions regarding their perception of the site’s content.

The objective of the study is to understand what people value about TikTok. Results offer insight into why it’s become a cultural phenomenon.

Users Say TikTok Is Authentic

Users feel like they can be themselves on TikTok, which could be a contributing factor to its popularity.

Users Say TikTok Makes Them Happy

TikTok content brings joy, the study finds, and who doesn’t need more of that in their lives?

“An average of 31% of TikTok users included ‘lifting my spirits’ as one of the top three reasons for returning to the TikTok platform again and again.”

TikTok Is Unique And Different

Users feel like they can go on TikTok and see content they can’t get anywhere else.

While they may see the same content shared across Instagram, Facebook, and Twitter— TikTok stands apart as a place to discover something new.

TikTok Is A Community

Among TikTok’s greatest strengths is the sense of community felt by its users.

That’s demonstrated by the viral challenges users take part in.

The ability to sample others’ content and add to it also helps users build stronger connections.

In short— TikTok users feel comfortable on the platform and are even excited to engage with one another.

A common theme throughout this data is positivity. Users enjoy their time on TikTok, they’re delighted by the unique content they find, and they feel safe expressing themselves with their own content.

Source: Why Is TikTok So Popular?

Navigating Google’s title changes: The rollout, what’s happening now and what you can do about it

In August, Google introduced a new system for generating title links (the title of a search result in Google Search). “This is because we think our new system is producing titles that work better for documents overall, to describe what they are about, regardless of the particular query,” the company explained.

However, during the new system’s initial rollout, SEOs provided example after example after example of titles that not only failed to describe what the page was about, but may also confuse users and deter them from clicking through. Fortunately, the situation has since improved, but placing blind faith in Google’s new system can mean that you’re ceding control over a crucial aspect of your content, which could ultimately affect your business. Below, you’ll find a synopsis of how Google’s title changes have evolved, how you can verify whether your titles have been changed and what you can do to regain control over them.

Title changes: Then and now

A tale of two title changes. Google has been adjusting title links for a long time. In 2014, the company explained that it might change a title to match the query (to a certain extent). This is an important detail because Google would later cite these historical practices as precedent for its new system, a justification that some SEOs found misleading because the magnitude and impact of the changes contrast sharply.

The first weeks of the title change rollout. When the new title change system rolled out in August, SEOs took to Twitter to share examples of poorly rewritten titles in the search results. “While many of the title overwrites made sense and were unlikely to negatively affect performance, there were many (too many) examples of title overwrites gone awry,” said Lily Ray, senior director, SEO and head of organic research at Amsive Digital.

The nature of Google’s title rewrites. “It appeared that Google was truncating some article headlines in strange ways that changed the meaning of the title,” said Ray. “In other cases, it seemed that punctuation, like quotation marks or dashes, caused the title to break early. In even rarer and stranger situations, Google would choose anchor text or other article text to display as the title, which was occasionally taken out of context and was a poor representation of the full page content.”

Google has since improved its title rewrites. After the initial blowback from the SEO community, Google’s Danny Sullivan published a post explaining why Google made the title changes. Several weeks after that, the company published more help documents on controlling titles and descriptions in Search. Just as important, Google’s explanations seem to be accompanied by improvements to its title change algorithm.

What to do if you suspect Google is changing your titles

“Essentially, you’ll need a way to start tracking and trending titles. You’ll need to collect your site’s popular search terms, and then gather the Google SERPs title and compare it to the actual title,” Sliva said. In addition to that, there’s Thruuu, the Keywords in Sheets solution, and this creative bookmarklet to inject titles into a SERP.

Ahrefs users also have a new tool that enables them to export title changes for deeper analysis. Brodie Clark has provided instructions on how to get started with it and how he analyzes the data.

The new tool is in the “Top pages” tab underneath the “Site Explorer 2.0” heading. Once you’re there, you’ll have to toggle the “SERP titles” button and change the date for comparison. Next, you can export the data for analysis.

“There are important aspects to keep in mind when interpreting the data to ensure you’re getting an accurate depiction,” Clark said, recommending that SEOs remove new URLs and URLs that are no longer ranking so that they’re only looking at titles that are eligible for comparison.

“Changing the grouping of the rows to the top pages based on est. traffic that has had a title link change, we can see trends for what has changed,” Clark said. At this point, you’ll have to perform a manual review. “When completing the manual review, you’ll also need to look out for titles that have manually changed for pages during the comparison period,” he added.

What you can do if you’re unhappy with how Google changed your titles

Some titles may still be unsatisfactory — it can be argued that the example in line #3 from the chart above is less informative than the original title, for example. Unfortunately, there is little you can do to directly change Google’s title links, but embracing a more holistic view of the issue can help you craft more informative titles and avoid bad rewrites from Google.

One thing you can do to bring a particularly inaccurate title change to Google’s attention is to submit feedback: “Google created a form where you can submit your feedback for incorrect or egregious titles,” Lily Ray pointed out. “Otherwise, pay attention to when the overwrites take place and what they look like; this could provide insight into potential issues Google may have with your titles and offer some inspiration about how to adjust them. Google also offers clear examples about the types of titles it intended to overwrite, so you can evaluate whether your titles fall into any of those categories.”

The more things change, the more they stay the same

For SEOs. We’re now accustomed to optimizing for rich results, featured snippets, knowledge panels and dozens of other non-traditional search features, but titles — as Google has now reminded us — are one of the oldest forms of on-SERP SEO.

For the industry. We rely on Google for traffic and Google relies on us for content to show users. When the title changes rolled out in August, Google said it wasn’t new, which was only half-true as the search engine has been known to replace titles, but had not done so to the extent that we’ve recently experienced.

Source: Navigating Google’s title changes: The rollout, what’s happening now and what you can do about it

More News:

Shopify & Microsoft Team Up To Help Merchants Reach More Shoppers

Facebook plans to change its name as part of company rebrand

Podcast knowledge panels go live in Google Search
