Vulnerable Plugins
This week’s report is, fortunately, not too bad. Just six disclosures. There were two more that I saw information on, but was unable to confirm. My guess is that if they turn out to be legit, we’ll see them pop up in the next week.
WordPress News
Probably the biggest piece of news this week is the announcement by Matt that WordPress will be officially dropping support for Internet Explorer less than version 11.
“…we are officially ending support for Internet Explorer versions 8, 9, and 10, starting with WordPress 4.8.”
The other piece of news (well, less “news” and more awareness) is that of WordPress 4.7.4 they included the latest release of TinyMCE. That version of TinyMCE includes a change to how it handles links that open in new windows.
“…all links with a target of _blank will get a rel attribute of noopener noreferrer.”
If you’re unfamiliar with noopener, it prevents a page being opened in a new window/tab from having access to the window.opener object, an issue called Tabnapping. Firefox doesn’t support noopener, so you have to include noreferrer. Read more about how the vulnerability manifests itself. If you noticed these showing up in your links, now you know it’s there to protect your users.
WordCamp Kansas City
WordCamp Kansas City (#wckc) kicks off today. Unfortunately, I won’t be there today, but will be speaking tomorrow morning at nine, and then will be attending the rest of the day. Definitely looking forward to seeing everyone!