Hackers Use XSS Vulnerability in WP Plugin

Online stores are the victims of hacker attacks, but a patch is already available
14 March 2019

Hackers are installing backdoors on the websites of online stores through an XSS vulnerability in a WordPress plugin. Only administrators and other privileged users can use the plugin, so malicious code injected through it runs with high-level rights.

The Abandoned Cart Lite for WooCommerce plugin is widely distributed, with more than 20 thousand downloads. The developers have already released a patch in version 5.2.

Apache NetBeans 11.2 IDE to be Released

The release contains support for the Java SE, Java EE, PHP, JavaScript, and Groovy programming languages
05 November 2019

The Apache Software Foundation has introduced the Apache NetBeans 11.2 IDE. This is the fourth release prepared by the Apache Foundation after the transfer of the NetBeans code by Oracle, and the first release since the project moved from the incubator to the category of primary Apache projects. The release contains support for the Java SE, Java EE, PHP, JavaScript, and Groovy programming languages. The transfer of C/C++ support from the code base provided by Oracle is expected in release 11.3, scheduled for January. Apache NetBeans 12 is planned for April 2020 and will be maintained as part of an extended support cycle (LTS).

Key NetBeans 11.2 innovations:

  • Added support for Java SE 13. For example, "switch" can now be used as an expression rather than a statement. Highlighting and conversion operations are implemented for text blocks, which hold multi-line text data without character escaping and preserve the original text formatting. These features are currently marked as preview and are enabled only when building with the "--enable-preview" flag;
  • Added support for new PHP language features developed in the 7.4 branch, the release of which is scheduled for November 28. NetBeans now handles typed properties, the "??=" operator ("a ??= b" is similar to "a = a ?? b"), the ability to substitute existing arrays when defining a new array (the "...$var" operator), a new mechanism for serializing objects (a combination of Serializable and __sleep()/__wakeup()), the ability to visually separate digits in large numbers (1_000_000_00), and a new format for defining functions, "fn(parameter_list) => expr" (for example, "fn($x) => $x + $y" is analogous to "$fn2 = function ($x) use ($y) {return $x + $y;}");
  • Performance optimizations have been made: searching for binary files in the source tree is faster. On Linux and Windows, the WatchService interface provided by the Java NIO2 API is used to track changes to directories. Archive files are identified faster;
  • Improved support for the Gradle build system. Added the ability to load Java compiler flags, which allows you to use Java experimental features in Gradle projects ("it.options.compilerArgs.add('--enable-preview')"). User input is now also processed in the Output tab, which shows the progress of the build. When starting the Gradle Daemon background process, the org.gradle.jvmargs property is now taken into account;
  • The licensing problems with the JavaScript parser code, which previously required the parser to be installed separately, have been resolved. The graal-js parser has been relicensed from the GPL to the UPL (Universal Permissive License);
  • The installer has been improved and now supports custom installation of individual NetBeans components;
  • Payara application server support updated to Payara Platform 5.193;
  • Added support for the extended attribute syntax in HTML5 used in Angular (for example, <input [value]='test' />, <input (change)='test' />, etc.).