April 23, 2015 — By Dale Mugford
On April 20, a vulnerability in certain implementations of WordPress’s add_query_arg and remove_query_arg functions was subject to coordinated disclosure and patches. The vulnerability has been linked to flawed documentation in the WordPress codex.
In the course of a code search looking for the use of these functions across the WordPress.org plugin repository, vulnerable use of these functions was identified in WPtouch Pro’s theme and extension switching routines. This code is present in versions 3 and higher of both the free and Pro editions of WPtouch, though it is only used in the Pro edition.
The release of 3.7.6 of our plugins addresses this vulnerability in WPtouch Pro 3 and also corrects the inactive code in WPtouch 3.
Other plugins affected by this vulnerability included:
- WordPress SEO
- Google Analytics by Yoast
- All in One SEO
- Gravity Forms
- Multiple Plugins from Easy Digital Downloads
- Download Monitor
- Related Posts for WordPress
- My Calendar
- P3 Profiler
- Multiple iThemes products including Builder and Exchange
- Ninja Forms
Although the free edition of WPtouch includes some of the affected code, it is not executed in the regular operation of the plugin and will not expose users to the vulnerability.
Versions of WPtouch and WPtouch Pro predating the 3.x release (such as WPtouch 1.9, and WPtouch Pro 2.x) do not use the add_query_arg and remove_query_arg functions and are also not subject to this vulnerability.
There is no security-related need to automatically update versions of the plugin not affected by this vulnerability.
As always, we endorse keeping your WordPress installation and plugins up to date with all released updates.
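A code search like the one described in this advisory can be approximated with a short audit script. This is an added example, not code from WPtouch or WordPress: it assumes the fix WordPress published for this issue (pass the result of add_query_arg() and remove_query_arg() through esc_url(), or esc_url_raw() for redirects), and the function name `find_unescaped_calls` and the sample PHP are constructed for illustration.

```python
import re

TARGETS = {"add_query_arg", "remove_query_arg"}
ESCAPERS = {"esc_url", "esc_url_raw"}  # WordPress URL-escaping helpers
# Matches "name(", a bare "(", or ")". Lexical only: PHP strings and
# comments are not parsed, so treat the results as triage leads.
TOKEN = re.compile(r"([A-Za-z_]\w*)\s*\(|\(|\)")

def find_unescaped_calls(php_source):
    """Return [(line_no, function)] for calls not nested inside an escaper."""
    findings = []
    stack = []  # function name that owns each currently open parenthesis
    for m in TOKEN.finditer(php_source):
        if m.group(0) == ")":
            if stack:
                stack.pop()
            continue
        name = m.group(1)  # None for a bare "("
        if name in TARGETS and not any(s in ESCAPERS for s in stack):
            line_no = php_source.count("\n", 0, m.start()) + 1
            findings.append((line_no, name))
        stack.append(name)
    return findings

# Constructed sample: lines 3 and 5 use the return value unescaped,
# lines 4 and 6 wrap it as the fix requires.
SAMPLE_PHP = '''<?php
// constructed sample
echo '<a href="' . add_query_arg( 'theme', $slug ) . '">Switch</a>';
echo '<a href="' . esc_url( add_query_arg( 'theme', $slug ) ) . '">Switch</a>';
$url = remove_query_arg( array( 'a', 'b' ) );
wp_redirect( esc_url_raw( remove_query_arg( 'msg' ) ) );
'''

if __name__ == "__main__":
    for line_no, name in find_unescaped_calls(SAMPLE_PHP):
        print(f"line {line_no}: {name}() result is not passed through esc_url()")
```

A hit such as line 5 still needs manual review, because the value may be escaped later, at the point where it is output.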
April 21, 2015 — By Duane Storey
As many of our customers and readers know, today is the day when Google officially starts to roll out its mobile algorithm changes that will favour websites with mobile-friendly versions. In terms of its ultimate impact, many SEO experts are estimating it will be larger than both the disruptive Panda and Penguin updates combined.
Achieving Google Mobile-Friendly Status with WPtouch Pro
WPtouch Pro is a Google-recommended mobile-friendly solution for WordPress, and most users who purchase it can achieve mobile-friendly status on their entire website in less than five minutes. Compared to the cost of reworking an existing website to achieve this, or starting from scratch with another commercial theme, the small investment of time and money WPtouch Pro requires to achieve this important status with Google makes it an easy decision for our customers.
We thank everyone who has trusted WPtouch Pro to help their WordPress websites achieve mobile-friendly status, and as always, we are here to help new customers who are unsure how to proceed. For most people, it’s just a matter of adding WPtouch Pro to their existing website and activating the plugin from the Plugins menu in WordPress.
April 13, 2015 — By Dale Mugford
Starting April 21, websites that are not mobile friendly will find themselves losing rank in Google’s mobile search results.
Many website owners have already used WPtouch Pro, Google’s recommended solution for WordPress websites, to easily and affordably get their website ready for the switchover.
To make sure you’re fully equipped to pass Google’s test, we’ve produced a free guide to making your website mobile-friendly with WPtouch.
Download the guide for information about the change, tips for choosing themes and configuring WPtouch Pro, and easy steps to confirm Google sees your mobile-friendly website.
Want to know more about Google’s changes? Read our earlier post.