Tag Archive for wordpress

Blind SQL Injection Flaw in WP Statistics Affected 600K+ Sites


According to researchers from Wordfence Threat Intelligence, WP Statistics, a WordPress plugin with over 600,000 active downloads, has a Time-Based Blind SQL Injection vulnerability. VeronaLabs developed the plugin, which provides site owners with comprehensive website statistics.

An unauthenticated attacker may use the vulnerability to extract sensitive information from a WordPress website using the vulnerable plugin. The vulnerability has a CVSS score of 7.5 (high severity), and it affects plugin versions prior to 13.0.8. 

Site administrators can see comprehensive statistics about their site's traffic through the WP Statistics "Pages" menu item, which produces a SQL query to provide those statistics. Researchers discovered that it was possible to access the WP Statistics "Pages" page even without admin rights.

The analysis published by Wordfence states, “While the “Pages” page was intended for administrators only and would not display information to non-admin users, it was possible to start loading this page’s constructor by sending a request to wp-admin/admin.php with the page parameter set to wps_pages_page.” 

“Since the SQL query ran in the constructor for the “Pages” page, this meant that any site visitor, even those without a login, could cause this SQL query to run. A malicious actor could then supply malicious values for the ID or type parameters.” 
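A defender can look for this request shape in web server access logs. The following is an added example, not code from Wordfence or the plugin: the log lines are constructed, and the allow-lists for what a normal `ID` or `type` value looks like are assumptions to tune per site.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.5 - - [20/Mar/2021:10:00:01 +0000] "GET /wp-admin/admin.php?page=wps_pages_page&ID=12&type=post HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.9 - - [20/Mar/2021:10:00:07 +0000] "GET /wp-admin/admin.php?page=wps_pages_page&ID=12%20AND%20%28EXAMPLE%29&type=post HTTP/1.1" 200 5120 "-" "curl/7.68.0"
198.51.100.4 - - [20/Mar/2021:10:01:30 +0000] "GET /wp-admin/admin.php?page=other_plugin HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
198.51.100.7 - - [20/Mar/2021:10:02:00 +0000] "GET /wp-admin/admin.php?page=wps_pages_page&ID=3&type=home%27x HTTP/1.1" 200 5100 "-" "python-requests/2.25"
"""

# client IP, request target and status code from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')

# Assumed allow-lists: a numeric ID and a short slug-like type.
EXPECTED = {"id": re.compile(r"\d+"), "type": re.compile(r"[A-Za-z0-9_-]+")}


def suspicious_requests(log_text):
    """Return (client_ip, [offending parameter names], status) per flagged request."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        # parse_qs percent-decodes values; parameter names are compared in lower case.
        query = parse_qs(url.query, keep_blank_values=True)
        params = {k.lower(): v for k, v in query.items()}
        if params.get("page") != ["wps_pages_page"]:
            continue
        bad = [name for name, rx in EXPECTED.items()
               if any(not rx.fullmatch(v) for v in params.get(name, []))]
        if bad:
            findings.append((ip, bad, int(status)))
    return findings


if __name__ == "__main__":
    for ip, bad, status in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} unexpected value in: {', '.join(bad)}")
```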

Because the SQL query did not use a prepared statement, an attacker could easily exploit the input parameter to circumvent the esc_sql function and generate queries that could extract sensitive data from the site, such as user addresses, password hashes, and encryption keys and salts.
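Why escaping alone is not equivalent to a prepared statement, as an added example that is not the plugin's code: it uses Python's sqlite3 instead of PHP, and the table, the `escape_quotes` helper and the assumption that the value lands in an unquoted numeric position are all constructed for illustration.

```python
import sqlite3


def escape_quotes(value):
    """Hypothetical stand-in for a quote-escaping helper: it only doubles quotes."""
    return value.replace("'", "''")


def setup():
    # Constructed in-memory table standing in for a statistics table.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE page_hits (page_id INTEGER, hits INTEGER)")
    db.executemany("INSERT INTO page_hits VALUES (?, ?)", [(1, 10), (2, 25), (3, 7)])
    return db


def hits_escaped_only(db, page_id):
    # Weak: the value is escaped, then concatenated into an unquoted numeric
    # position, so input containing no quote characters still becomes SQL.
    sql = ("SELECT page_id, hits FROM page_hits WHERE page_id = "
           + escape_quotes(page_id) + " ORDER BY page_id")
    return db.execute(sql).fetchall()


def hits_parameterized(db, page_id):
    # Hardened: reject anything that is not a plain integer, then bind the
    # value as a parameter so it can never be parsed as SQL.
    if not (page_id.isascii() and page_id.isdigit()):
        raise ValueError("page_id must be a non-negative integer")
    sql = "SELECT page_id, hits FROM page_hits WHERE page_id = ? ORDER BY page_id"
    return db.execute(sql, (int(page_id),)).fetchall()


if __name__ == "__main__":
    db = setup()
    print(hits_escaped_only(db, "2"))         # one row, as intended
    print(hits_escaped_only(db, "2 OR 1=1"))  # condition rewritten: every row
    print(hits_parameterized(db, "2"))        # one row
```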

“In a targeted attack, this vulnerability could be used to extract personally identifiable information from commerce sites containing customer information. This underscores the importance of having security protections with an endpoint firewall in place wherever sensitive data is stored,” the post further read. 

The timeline for the vulnerability is as follows: 

March 13, 2021 – The Wordfence Threat Intelligence team finishes researching a vulnerability in the WP Statistics plugin and contacts VeronaLabs. VeronaLabs responds and Security Affairs provides full disclosure. 

March 15, 2021 – VeronaLabs replies with a fixed version for Security Affairs to test and they verify that it corrects the issue. 

March 25, 2021 – A patched version of the plugin, 13.0.8, is released.

move website from Joomla to wordpress


A lot of people use Joomla to manage and publish their websites. While Joomla is a good platform, it is definitely not for everyone. Maybe you are among those users who have decided to switch from Joomla to WordPress. You have heard a lot of people talking about WordPress and its ease of use. You want to utilize the power of WordPress plugins and themes. Well, if you want to migrate your Joomla site to WordPress, then you are in the right place. In this article, we will show you how to move your site from Joomla to WordPress.

The first thing you need to do is choose a web host and install WordPress. Once you have WordPress up and running, go to the WordPress admin area to install and activate the FG Joomla to WordPress plugin. (Learn how to install plugins in WordPress).

After activating the plugin, go to Tools » Import. You will see a list of import tools available for your WordPress installation. Click on Joomla (FG) from the list of available tools.

Now you have reached the Joomla Importer for WordPress page. On this page, you need to provide your Joomla website and database information.


You can get the database settings from your Joomla website’s administration area, under Global Configuration » Server tab. This information is also stored in the configuration.php file in your Joomla website’s root folder. You can access this file by connecting to your website using an FTP client and opening configuration.php in a text editor like Notepad.


After providing your database information, scroll to “Behavior”. If you want to import media files such as images from Joomla to WordPress, make sure that you have checked the Force media import option. Finally, click on the “Import content from Joomla to WordPress” button.


The plugin will run a script and start importing your content from Joomla to WordPress. Depending on how much content you have, the import process may take some time. Once it is completed you will see a notice like this:

Successfully imported content from Joomla to WordPress

Once you have imported all your content from Joomla into WordPress, the next step is to fix all broken internal links. Scroll down to the bottom of the Joomla (FG) importer page and click on the Modify internal links button.


Troubleshooting Joomla to WordPress Import

  • The most common error people report during the import is “Fatal error: Allowed memory size of ****** bytes exhausted”. You can easily fix the WordPress memory exhausted error.
  • If you see database connection errors, then you need to recheck your database settings and make sure you are using the correct login credentials.
  • Sometimes importing media may not work because your web host may have disabled the allow_url_fopen directive in php.ini.

We hope that this article helped you move your site from Joomla to WordPress. If you need help, you will find plenty of tutorials in our archives. WPBeginner is the largest free WordPress tutorials site for beginners, and we are excited for you to join the WordPress community.

Original post from: http://www.wpbeginner.com/wp-tutorials/how-to-move-your-site-from-joomla-to-wordpress/

How to display more than 20 posts on wordpress – wp-admin


Very simple: you can change the limit. Try this:

Go to Admin->Posts->All Posts
Click ‘Screen Options’ at the top right
Enter a new value in the ‘Posts’ box
Click ‘Apply’

WordPress MySql Statement To Delete All Pending Comments

I have over 1800+ pending comments and most of them are spam in a WordPress-based blog. How do I delete all (mass delete) the pending comments using SQL statements?


how to align – div – tag middle in wordpress

The usual HTML align=center won't work in WordPress, so you have to use:

<div id="content">


<div id="content"> is just the opening tag for the content div, which is the container in which all the content goes. The styling for it goes in the theme’s style.css stylesheet. For every opening div there needs to be a corresponding closing </div>; if the closing div is missing, it would definitely cause display problems.