WP Builds Newsletter #54 – WordPress 5.1.1, plugin updates and Facebook goes down

This week's WordPress news – Covering The Week Commencing 11th March 2019:

WordPress Core

WordPress 5.1.1 Patches Critical Vulnerability
“WordPress 5.1.1 was released yesterday evening with an important security update for a critical cross-site scripting vulnerability found in 5.1 and prior versions. The release post credited Simon Scannell of RIPS Technologies for discovering and reporting the vulnerability…”


WordCamp Nordic Hosts Successful Kids Workshop
“WordCamp Nordic hosted a successful kids workshop over the weekend where participants learned how to start publishing with WordPress. The event was held during Contributor Day at the same venue, tucked into a comfortable corner with soft chairs and ample floor space for the kids to stretch out…”

Call for testing: WordPress for Android 12.0
Help needed to test the latest version of the WordPress Android app with some updated block editor capabilities.

WordPress Community Sessions at 2019 Nonprofit Technology Conference a Big Success!
“On Tuesday, March 12, 2019, I spent the day with members of NTEN’s WordPress community at the Nonprofit Technology Conference‘s (NTC) pre-conference day. This was the first year the community had their own track of sessions alongside sponsored sessions, and they were fabulous…!”

How Brexit Will Affect WordPress Plugin and Theme Sellers
“The UK’s imminent departure from the EU (European Union) has left businesses across Europe struggling to understand how this change will affect them. For WordPress theme and plugin businesses, it makes EU VAT collection and payment even more complex than it already is…”


XSS Vulnerability in Abandoned Cart Plugin Leads To WordPress Site Takeovers
“Last month, a stored cross-site scripting (XSS) flaw was patched in version 5.2.0 of the popular WordPress plugin Abandoned Cart Lite For WooCommerce. The plugin, which we’ll be referring to by its slug woocommerce-abandoned-cart, allows the owners of WooCommerce sites to track abandoned shopping carts in order to recover those sales…”


From Beaver Builder – Assistant – Every-day Productivity Apps
“Assistant is an every-day productivity tool that lets you navigate your WordPress site and handle quick tasks without needing to go to the WordPress Admin area. Note – This is an early preview release. A full 1.0 release of Assistant will be coming later this year…”

Forminator Quizzes now With Integrations and Wizardry
“Forminator, our WordPress form, poll & quiz builder, was just released this year and has already moved into our top 10 most active pro plugins – and his powers are only expanding! This time it’s Quizzes, now with integrations, a new wizard, and a multi correct answers upgrade…”

Warp iMagick
New plugin to squash and optimise your images.

Engage Your Audience With Sticky Videos on Page Scroll!
“We are providing you the option to make this video sticky for better viewability. A sticky video will pin the video across the edges of the browser. It gives visitors the ability to read a full page while viewing the video simultaneously…”

Using Groundhogg to self host your email marketing with Adrian Tobey
“Email marketing is usually the domain of expensive SaaS apps. Well, not any more. With the Groundhogg WordPress plugin you can automate all-the-things from inside your website! It’s got lots of customisation options and works with a visual builder, just like the services that you’re currently using. Adrian comes on to tell us about how it all got started and how the plugin works and what scenarios it might be useful for…”

Not WordPress, but useful anyway…

Massive Facebook Outage
“It’s not just you. Facebook is undergoing an outage today, March 13, 2019. The outage appears to have started at noon eastern time, which is about 9 AM Pacific. This outage is preventing many people from posting to Facebook onto their news feed…”

Automattic Takes on Facebook with “A Meditation on the Open Web”
“Last week Automattic published a video titled “A meditation on the open web” that calls out Facebook as the antithesis of the open web…”

Chrome Extension – Cloud Vision
“Adds a right-click menu item to images to detect text, labels and faces…”

Transcript (if available)

These transcripts are created using software, so apologies if there are errors in them.


Hello there. Good morning and welcome to the WP Builds WordPress weekly newsletter number 54. This newsletter covers the WordPress news for the week commencing the 11th of March, 2019, and it was published on Monday the 18th of March, 2019.

Nathan Wrigley: 02:06 Okay, let's get stuck into the news items today. The first one is under the umbrella of WordPress core and it's on the WP Tavern website and it's entitled WordPress 5.1.1 Patches Critical Vulnerability, and it says WordPress 5.1.1 was released yesterday evening with an important security update for a critical cross-site scripting vulnerability found in 5.1 and prior versions. The release post credited Simon Scannell of RIPS Technologies for discovering and reporting the vulnerability. Um, essentially an attacker could take over a WordPress site which has comments enabled. There was some jiggery pokery where they would misdirect you to a site of their choice and then they would be able to then access your own site via cross site. And if you have comments enabled, which of course WordPress does by default, they would be able to run some remote code and get a full takeover of your server.

Nathan Wrigley: 03:09 So obviously this is pretty critical. If you've got WordPress automatic updates enabled, which I hope you have, then you should be updated and probably got an email to say that you were. If not, go and update immediately because you possibly have got comments switched on and you don't want this to happen. So there we go. Nice to see that things are being updated to keep us safe. The next few items are under the umbrella of community and the first one, I mentioned this a couple of weeks ago, that WordCamp Nordic was going to have some kids workshops. The idea would be that they would put some children in front of a WordPress install and get them to create content and see how simple it was to use WordPress. Well, it's happened and really it's just a lovely little post on WP Tavern with some photographs of some children sitting around interacting with WordPress.

Nathan Wrigley: 03:59 And I think it's lovely. I mean obviously it wasn't particularly high-level stuff. They were interacting with Gutenberg and they were creating posts and adding content and adding images and those kinds of things. But nevertheless, that's how it all begins and what's fascinating, what came out of it was that they were completely agnostic about the editor, so whether it was the block editor or Gutenberg, they didn't care because they didn't bring any baggage or expectations and they were able to edit things with Gutenberg or the block editor very, very easily. Anyway, just a lovely, lovely community bit of news, so I'm passing on. The next one is requiring or asking the community to test the WordPress for Android 12.0 beta. It's rolled out and essentially they've made some modifications to the block editor. They've added the capability for you to do things with the block editor in the beta version of 12.0 and very simply, I'm mentioning this so that if you're an Android user and you want to check and test the beta version of the Android version of WordPress, now is the time to do it because they need your help.

Nathan Wrigley: 05:06 Okay. The next community piece of news is over at the mrwweb.com website and it's entitled WordPress Community Session 2019 nonprofit technology conference was a big success. There's not a lot more to say about it than that really, other than that earlier this week, um, a whole bunch of people went to a nonprofit technology conference or NTC and they spoke about WordPress with the people there. And so this article is lots of photographs, lots of people interacting possibly for the first time with WordPress. People explaining about, um, how things work in lightning talks and, and what the community can do and how you can interact with WordPress and how you can use it. Just nice to see that people are stretching outside of WordCamps to spread the news about WordPress. This one is all about the dreaded subject. If like me, you live in Britain, there is one word which you fear to speak and it is the word Brexit.

Nathan Wrigley: 06:05 Well, if you are selling from the United Kingdom into Europe or conversely from Europe into the United Kingdom, and you're a plugin developer or a theme developer, then you need to know about your position vis-à-vis Brexit because things like the tax regime are going to change. The amount of paperwork that you're going to have to produce when you sell things across border will change as well. And so this article on the freemius.com website, which I've linked to in the show notes, is explaining what your obligations are and how you might go about tackling those so that you are compliant with the law. Now it's a bit of a piece where they're trying to promote the Freemius platform because at the end they go on to say, well, we'll take care of this for you. And well, that might be an option too. Freemius is a growing platform for distributing and selling WordPress based product.

Nathan Wrigley: 06:58 So maybe that's something you want to look at as well. Okay. The next one falls under the banner of security and you can find this on the Wordfence website. It's entitled XSS Vulnerability in Abandoned Cart Plugin Leads To WordPress Site Takeovers. The long and the short of it is that if you have the Abandoned Cart Lite for WordPress or the Abandoned Cart Pro for WordPress plugin, um, you are leaving yourself vulnerable. A lack of sanitization on both input and output allows attackers to inject malicious JavaScript payloads into various data fields which will execute when a logged in user with administrator privileges views the list of abandoned carts for their WordPress dashboard. As always, Wordfence do a great job of writing up the technical details, but all I'm going to say here is if you've got that plugin Abandoned Cart for WooCommerce, then maybe it's time to get yourself updated immediately because there is a fix for this and you should go and get it and you can read all about the technical details on the Wordfence website.

Nathan Wrigley: 08:06 Okay. Some nice plugin updates this week. The first one is from the Beaver Builder team and fairly left field. I didn't see this one coming. They've launched in beta a new product called Assistant. Now I'm going to really struggle to explain what this does. But Brent from the Beaver Builder team has made an excellent video and if you click on the link, you'll be able to see what it does. Essentially you will have a little icon, once this plugin has been installed, at the bottom right of your screen. It looks a little bit like a very chubby pencil and you click on that and a menu, like a sidebar, swoops in from the right of the screen, allowing you to interact with all sorts of things that you might traditionally be left going to the WP admin to do. So for example, you can change, um, post titles.

Nathan Wrigley: 08:54 You can find posts that you wrote within a certain timeframe. You can add and get URLs for images. And so it really, I think the intention here is that over time it will become a very simple interface for doing many of the jobs that you have to click multiple times to find in the WP admin. Now at the moment the options are fairly limited, but the intention of this is that it becomes a platform, not a plugin. So other people will then contribute their own code through the API and will be able to add features, bolt features on top. But I did not see this coming. Very exciting. The assist, it's called Assistant, Every-day Productivity Apps, by the Beaver Builder team. Go and click on the show note link to find out more. WPMU DEV have updated their Forminator plugin. Forminator is their rival to Gravity Forms and Ninja Forms and so on.

Nathan Wrigley: 09:51 And they've added the ability to add quizzes through a wizard. Now they've had the ability, I believe, to add quizzes for a fairly long time, since it's been out more or less. But now they've added this sort of wizard which steps you through the process so that you can create your, um, create your quizzes with the answers and the feedback of the results in a much more intuitive UI. Looks pretty good. I actually did have a play with it and I was able to come up with something pretty quickly. So if you're using it, there you go. You've got a nice update to look out for. Here's another new thing. This is called Warp iMagick and it's spelled I M A G I C K and it appears to be a free optimization plugin for WordPress images. Now I'm not going to go through the whole lot, but it does things like reduce image size, reduce the original image size, uh, works on servers where execution is not allowed.

Nathan Wrigley: 10:50 It does quality, you can vary the quality of the compression and the type and all of that kind of stuff. And it looks, looks pretty good to me. I confess, I haven't tried it. It came across my news feed, so I thought I'd mention it to you if you are in need of, um, cheap, in this case free by the looks of it, image optimization to speed up your WordPress website. Okay. And the last one, which comes under the banner of plugins, this is Brainstorm Force's Ultimate Addons for Elementor. They've added a lovely new feature for you Elementor users, which enables you to put a video into your page or post. And then when the video is scrolled out of the viewport, it pops the video into a corner so that you can carry on watching it. The other, the, I can imagine this, it'd be really good for kind of like tutorial websites where you know, you're trying to explain something and looking at the code which might go on and on or a tutorial of something else.

Nathan Wrigley: 11:47 You don't want them to keep having to scroll back up to see where the video is imposed it so it sticks it at the left or the right of the screen. You can then actually interact with it with your mouse and position it on the screen where you like. But it only happens when you scroll the video out of view and it looks really cool. So you've probably seen this with things like Facebook, they do this, um, but now if you're an Elementor user you can do this too. So that's a really nice update. So this next one is about us, WP Builds. This week we had episode 119 which was entitled Using Groundhogg to self host your email marketing with Adrian Tobey. Okay. So Groundhogg is a plugin which you can use to automate all of your emails. It's, you've, you've come across the platforms like this before, SaaS apps, things like ActiveCampaign, Infusionsoft, which I believe is now called Keap.

Nathan Wrigley: 12:39 Um, but the idea with this is that you can do all of this inside of WordPress. It's got all the stuff that you'd imagine, you know, you can tag and have flows and funnels and you can have criteria, if they do this, then do this. And it's all built inside of WordPress. So if you want to take control of that and, and Groundhogg looks like the thing for you, go and check out that post on the WP Builds website. Okay. That's all the WordPress news I've got for you this week. But I've got three items which are nothing to do with WordPress. The first one is just to let you know, you probably knew already, that Facebook had a massive outage this week. I don't honestly know what happened, but the Search Engine Journal is saying that, you know, basically it was the end of the world.

Nathan Wrigley: 13:20 Uh, for me it disabled me from posting one or two items, but I think for some people Facebook has become super duper important and their, their entire business might revolve around it. So an outage could be serious stuff. It's back up, it came back up within a matter of hours is my understanding. But if you didn't know that happened this week, now the next one is really, I did not see this one coming either. This is, it looks like it's about WordPress because it kind of is, but it's also not, it's on the WP Tavern website. It's called Automattic Takes on Facebook with A Meditation on the Open Web. This is really intriguing. Automattic have put out a video on YouTube. It's not very long. It's like two and a half, three minutes long. I imagine it was quite expensive because it's beautifully animated and it's sort of this dystopian view of the world.

Nathan Wrigley: 14:12 It's like a cartoon and it tries to make the point that here's Facebook, it's closed and it feels claustrophobic and like a big, busy, noisy city. Here's Instagram, the same thing, but here's WordPress, open fields. The birds are chirping. It looks lovely, very strange, but the point is good. You know, the idea of all of these closed platforms that we're giving all of our data to. Ultimately, I think if you're using WordPress, you probably on some level have an objection to that. Perhaps you don't, but um, Facebook are in the targets of Automattic who are trying to position themselves as a custodian of the open web. Certainly. Very interesting. Go check out the video, see what you make of it for yourself. And this next one, a Chrome extension I've got for you this week. This Chrome extension is called Cloud Vision. It's really intriguing because all that it does is it adds a menu to your right click menu.

Nathan Wrigley: 15:05 It's called Cloud Vision. And then when you get, when you've done the right click, you get three options. You get text detection, label detection and face detection. Now the one that I can see myself using is text detection, so you see an image, there's some text on it, click the button in this Chrome extension and it will suck out the text for you. It'll turn the text from the image into a copy paste, a little bit of text. It'll work out all the labels on the image itself, so for example, it will be able to tell you that this image has been tagged with looking like a bird or an animal or what have you. I'm not sure how that's done. I don't know if that's an AI type of thing and it's actually working out what it thinks the image is, I'm not sure, and it will also work out where all the faces are.

Nathan Wrigley: 15:48 Again, I'm not sure why that would be useful, but I like the text detection thing, so that's why I'm mentioning it this week. Okay, there you go. That's the news that I've got for you this week. I hope you found something of value in that.

Nathan Wrigley: 16:38 Hopefully I'll see you at some point, either in the Facebook group, possibly on YouTube, possibly in a webinar that I'm going to be doing with Adrian Tobey from Groundhogg later this week, and if none of that happens where you, maybe I'll catch you on the podcast on Thursday or back here for the news next Monday. Bye bye for now.

