Easy WP SMTP 1.4.3 Patches Sensitive Data Disclosure Vulnerability


Easy WP SMTP has patched a vulnerability that allows attackers to capture the password reset link from the plugin’s debug log file and gain unauthorized access to the site. The plugin is used by more than 500,000 WordPress sites to configure and send all outgoing emails via an SMTP server so they are less likely to end up in recipients’ junk/spam folders.

WPScan categorized the vulnerability as a “sensitive data disclosure:”

The plugin has an optional debug log file generated with a random name, located in the plugin folder and which contains all email messages sent. However, this folder does not have any index page, allowing access to the log file on servers with directory listing enabled or misconfigured. This could allow attackers to gain unauthorised access to the blog by resetting the admin password by getting the reset link from the log.

Easy WP SMTP version 1.4.3 contains the fix, adding an empty “index.html” file to the plugin’s folder to prevent anyone from browsing the files (even if the `Options -Indexes` directive is missing on that server). Users are advised to update immediately, as the vulnerability has already been exploited in the wild. Several users took to the plugin’s support forums to report attempts on their sites.
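The two mitigations above (an index file in the plugin folder, or an Apache `Options -Indexes` directive in an `.htaccess`) are easy to verify on your own server before relying on them. The script below is an added example written for this post, not code from the article or from the Easy WP SMTP plugin: it walks a `wp-content/plugins` tree, flags plugin folders that contain a log-looking file but have neither an index file nor an `.htaccess` disabling listings, and builds a small constructed directory layout to run against. The real plugin uses a random log file name, so the `.log`/`.txt` pattern and the sample folder names are assumptions made for the demo.

```python
"""
Audit a WordPress plugins directory for folders that would expose a log
file through a directory listing. Added example; the directory tree it
builds is constructed for illustration and is not real site data.
"""
import os
import re
import tempfile

# An index file stops Apache/nginx from rendering an auto-generated listing.
INDEX_FILES = ("index.php", "index.html", "index.htm")

# Assumed pattern for "log-looking" files; the real plugin's name is random.
LOG_PATTERN = re.compile(r".*\.(log|txt)$", re.IGNORECASE)


def htaccess_disables_indexes(directory):
    """True if `directory/.htaccess` has an Options line that includes -Indexes."""
    path = os.path.join(directory, ".htaccess")
    if not os.path.isfile(path):
        return False
    with open(path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            line = line.strip()
            if line.startswith("#"):
                continue  # comment
            # Matches "Options -Indexes" and e.g. "Options +FollowSymLinks -Indexes"
            if re.search(r"^Options\b.*-Indexes\b", line, re.IGNORECASE):
                return True
    return False


def audit_plugins(plugins_dir):
    """
    Return a sorted list of (plugin_name, [log files]) for plugin folders that
    contain a log-looking file and are listable (no index file, no -Indexes).
    """
    findings = []
    for name in sorted(os.listdir(plugins_dir)):
        plugin_dir = os.path.join(plugins_dir, name)
        if not os.path.isdir(plugin_dir):
            continue
        entries = os.listdir(plugin_dir)
        has_index = any(e.lower() in INDEX_FILES for e in entries)
        protected = has_index or htaccess_disables_indexes(plugin_dir)
        logs = sorted(e for e in entries
                      if LOG_PATTERN.match(e)
                      and os.path.isfile(os.path.join(plugin_dir, e)))
        if logs and not protected:
            findings.append((name, logs))
    return findings


def build_sample_tree(root):
    """Construct a sample wp-content/plugins tree (hypothetical plugin names)."""
    plugins = os.path.join(root, "wp-content", "plugins")
    # 1. Exposed layout: a debug log, no index file, no .htaccess.
    exposed = os.path.join(plugins, "some-smtp-plugin")
    os.makedirs(exposed)
    open(os.path.join(exposed, "plugin.php"), "w").close()
    with open(os.path.join(exposed, "a1b2c3d4-debug.txt"), "w") as fh:
        fh.write("To: admin@example.test\nSubject: Password Reset\n")
    # 2. Patched layout: same log, but an empty index.html (the 1.4.3 fix).
    patched = os.path.join(plugins, "some-smtp-plugin-patched")
    os.makedirs(patched)
    open(os.path.join(patched, "index.html"), "w").close()
    with open(os.path.join(patched, "a1b2c3d4-debug.txt"), "w") as fh:
        fh.write("To: admin@example.test\n")
    # 3. Server-level mitigation: .htaccess with Options -Indexes.
    server_fixed = os.path.join(plugins, "other-plugin")
    os.makedirs(server_fixed)
    with open(os.path.join(server_fixed, ".htaccess"), "w") as fh:
        fh.write("# deny listings\nOptions -Indexes\n")
    with open(os.path.join(server_fixed, "mail.log"), "w") as fh:
        fh.write("sent ok\n")
    return plugins


def run_demo():
    """Build the sample tree in a temp dir and return the audit findings."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_plugins(build_sample_tree(tmp))


if __name__ == "__main__":
    for plugin, logs in run_demo():
        print(f"{plugin}: listable and contains {', '.join(logs)}")
```

Run against a real install with `audit_plugins("/path/to/wp-content/plugins")`; only the first of the three sample folders is reported, since the other two carry one of the mitigations the post describes. The script checks only the filesystem, so a listing disabled in the main server configuration rather than in `.htaccess` will still show up as a finding and needs to be confirmed separately.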

Jerome Bruandet, a security researcher from NinTechNet, reported the vulnerability and published a post explaining how an attacker might access the debug log, where the plugin writes all the email messages sent by the site. Using author archive scans, the hacker can find a username and then send a password reset email that gets intercepted via the Easy WP SMTP debug log file:

Easy WP SMTP log file – source: NinTechNet

At the time of publishing, approximately 51.8% of users are on 1.4.x versions of the plugin. Without a more specific breakdown, it’s not clear how many users have updated to the patched 1.4.3 version. Approximately 59,000 sites have downloaded the plugin today, leaving many installations still vulnerable.

This is another case where automatic background updates on plugins can quietly save the day. Users who have auto-updates enabled for plugins have already received the fix. Administrators for older installations of WordPress or sites where auto-updates have been disabled will need to update manually as soon as possible.

Web Performance Calendar


The Web Performance Calendar just started up again this year. The first two posts so far are about, well, performance! First up, Rick Viscomi writes about the mythical “fast” web page:

How you approach measuring a web page’s performance can tell you whether it’s built for speed or whether it feels fast. We call them lab and field tools. Lab tools are the microscopes that inspect a page for all possible points of friction. Field tools are the binoculars that give you an overview of how users are experiencing the page.

This to me suggests that field tools are the future of performance monitoring. But Rick’s post goes into a lot more depth beyond that.

Secondly, Matt Hobbs wrote about the font-display CSS property and how it affects the performance of our sites:

If you’re purely talking about perceived performance and connection speed isn’t an issue then I’d say font-display: swap is best. When used, this setting renders the fallback font almost instantly, allowing a user to start reading page content while the webfont continues to load in the background. Once loaded, the font is swapped in accordingly. On a fast, stable connection this usually happens very quickly.

My recommendation here would be to care deeply about the layout shift if you use this property. Once the font loads and is swapped in, you could create a big layout shift, with text moving all over the place. I once shipped a change to a site with this property without minding the layout shift and users complained a lot.

It was a good lesson learned: folks sure care about performance even if they don’t say that out loud. They care deeply about “cumulative layout shift” too.

The post Web Performance Calendar appeared first on CSS-Tricks.


IF ELSE STATEMENT INSIDE SWITCH CASE


Hi everyone, I just want to ask how I am able to make an if-else statement inside a switch case. I want to execute something wherein the user may be able to choose again if he/she would like to do another transaction. For example, if the user chooses Yes, the program will automatically display the main menu option, and if the user doesn't want another, the program will automatically print "Thank you for using the program".

Piglatin translating


Hi guys, I have this assignment and I have to write a program to translate a file from Piglatin to English without using the split function. My code only works for a word and I can't figure out how to do it for a sentence without the split function. Thanks in advance.

AMP version of noindexed page


If a page is noindexed, but includes a meta reference to an AMP version, is this a mixed signal?

Is the AMP version checked to see if its noindexed as well? Are there situations where you would want to index the AMP version but not the desktop version? Is Google even willing to index an alternate version of a URL when the primary version is noindexed?

Correlation between new content and traffic


The new Crawl Stats report in Google Search Console shows a breakdown of how much Googlebot recrawls existing content to refresh its index, and how much of its crawling is discovery of new content.

Has anyone been working on increasing the rate of new content and seeing that correlate to a linear increase in traffic?

Join Us For Smashing Meets Happy Holidays


If you are missing your festive meetups this year, or just fancy seeing some friendly faces and learning some new things, join us on December 17th for another Smashing Meets event.

Tickets are only 10 USD (and free for our lovely Smashing Members). The fun starts at 9AM ET (Eastern Time) or 15:00 CET (Central European Time) on the 17th December.

Ok. This is important. Smashing Meets by @smashingconf was soooo much fun. I will have to tune in whenever the timezone suits, it was an absolute blast!!!

— Mandy Michael (@Mandy_Kerr) May 19, 2020

This time, we will have talks from three speakers—Adekunle Oduye, Ben Hong, and Michelle Barker. There will be an interface design challenge and chance to network and meet other attendees. Just like an in-person meetup but you won’t have to go out in the cold!

If you want to know more about how our Smashing Meets events work, read our review of a previous event, watch some of the videos, or just head on over to the event page and get a ticket! I hope to see you there.

Spamhaus Technology Launches Threat Intelligence API Beta


Spamhaus Technology Ltd has recently announced the release of its Intelligence API Beta. This is the first time Spamhaus has released its extensive threat intelligence via an API, providing enriched data relating to IP addresses exhibiting compromised behavior.

Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies.

Pascal – delete spaces from input text


So I just started learning Pascal and have problems understanding how deleting specific characters works.

program Project1;
var
  a: string;
  b: char;
  c: integer;

begin
  readln(a);
  b := chr(32);   { the space character }

  { Walk the string backwards: delete(a, c, 1) removes one character at
    position c and shifts the rest left, so going forwards would skip
    the character that moves into the deleted slot. }
  for c := length(a) downto 1 do
  begin
    if a[c] = b then delete(a, c, 1);
  end;
  writeln(a);     { print the text with all spaces removed }
  readln;
end.

The idea is that I input random text and get back the same text but without all spaces. Sounds simple but I just started learning pascal, so not really. Help would be appreciated :)
Probably more than one thing is wrong with this sh*t code.