Who’s Behind FAIR? Inside the Coalition Seeking to Redefine WordPress Software Distribution
www.therepository.email/whos-behind-...
@nestorangulo.pro.bsky.social
Technology enthusiast, Computer Science Engineer, and Web Security expert by contact and by certification (CISSP). Head of Security and Brand Ambassador @ @patchstack.com
What is FAIR and why am I involved? I wrote about it here:
carriedils.com/wordpress-fa...
#FAIRPM #WordPress
We're delighted to launch the FAIR Package Manager with the Linux Foundation - read our announcement and come collaborate with us! #FAIRPM
www.linuxfoundation.org/press/linux-...
Curious name 😂. Thanks, Nahuai!
17.04.2025 12:21 — 👍 1 🔁 0 💬 0 📌 0
Goodbye #osday25 and goodbye Florence 🥺
Soon, I will post a summary of this amazing event, but before I do, I just wanted to quickly thank all the organizers for organizing the BEST event ever 🤘
Thank you and see you next year 👋
💻 #CloudFest Hackathon day 2 is in full swing and the team, led by Nestor Angulo De Ugarte and John Blackbourn, is racking their brains. 🧠⚡️
Curious to see the results? See the final presentations tomorrow at 3:55 PM at the Ring Stage in Europa Park. 👀
#CFHack #CFHack2025 #cloudfest
A group of people gathers around a presenter who is explaining ideas on a whiteboard at a hackathon event. The presenter, a bearded man in a dark shirt, gestures towards the board, which contains handwritten notes under the title “CVE IS COMING! Securing the Supply Chain.” Participants wear conference badges and lanyards, with some taking notes and others listening attentively. The venue has a high ceiling, decorative elements including a wooden ship mounted on the wall, and large windows letting in natural light. Banners in the background display event branding, with text such as “CloudFest Hackathon” and “Next-Gen Security for Open Source.” Tables with laptops and event materials are also visible in the room.
How can you tell if the software and extensions (plugins/themes in #WordPress) have insecure dependencies? Software Bill of Materials. Stay tuned.
15.03.2025 19:43 — 👍 14 🔁 2 💬 2 📌 0
Unauthenticated Arbitrary File Upload Vuln in Chaty Pro plugin 🛡️
It suffers from an arbitrary file upload vuln. An attacker can upload a malicious file and take over the site 🚫
It was fixed in 3.3.4 ✅
With Patchstack protection activated, you're already protected 🛡️
patchstack.com/articles/una...
Out now: The Repository #248 🗞️
⚖️ Automattic hit with class action over WP Engine dispute
😓 Core committers raise concerns as development stalls
🌥️ CloudFest Hackathon 2025
🚺 WordPress communities celebrate IWD
🌏 WordCamp Asia 2025 recap
therepository.email/248
I had a lot of fun recording this with Steve. 🎬
#Drupal has some interesting solutions baked in - including using AI agents, recipes, and Symfony under the hood. Also, it has a different philosophy behind it. 💡
www.youtube.com/watch?v=u3t...
Critical Privilege Escalation Patched in KLEO Theme’s Plugin. 🔒
It occurs due to broken logic in the FB social login process. ❌
Update it immediately to at least 5.4.0 ⬆️
If you have Patchstack protection enabled, you're already protected. ✅
patchstack.com/articles/cri...
In the mood to test your CTF skills 😜?? There is an open CTF now happening in #WordCamp Asia 2025, you can participate in it from any place in the world. 😉 We've also put out over $3000 of cash prizes for the top 5.
Have fun! ctf.patchstack.com
#infosec #wcasia2025 #WordPress #bugbounty
I enjoyed discussing everything #drupal with Steve Persch from #pantheon. 🎉
The full interview will be out on 21st Feb, but you can already watch the teaser:
www.youtube.com/watch?v=9p8...
and you can subscribe for the final video (link in the comment): 🔔
The thing is, he says in his article that he will redirect the resources resulting from that reduction to the legal battle with WPEngine (and to critical and security updates)...
11.01.2025 07:30 — 👍 0 🔁 0 💬 1 📌 0
I understand so, and I hope so. But it's an immediate consequence, I imagine.
10.01.2025 20:26 — 👍 0 🔁 0 💬 1 📌 0
My question would be whether this would imply "freeing up" the equivalent in engineers and other .org staff.
10.01.2025 17:06 — 👍 0 🔁 0 💬 1 📌 0
🚨 Critical Vulnerability Patched in GiveWP Plugin.
Versions 3.19.3 and below suffer from an unauthenticated PHP Object Injection vuln. 💻
This was fixed in version 3.19.4, so update ASAP. 🛠️
As a paid Patchstack user you're protected from this vuln🛡️
patchstack.com/articles/cr...
Critical Vulnerabilities Found in Fancy Product Designer Plugin! 🚨
It suffers from Unauthenticated Arbitrary File Upload and SQL Injection vulnerabilities. ⛓️💥
No patch was released. 😔
As a paid Patchstack user you're protected from this vulnerability🛡️
patchstack.com/articles/cr...
So you don't miss me @ciudadanob.com ? 🤣
I can take @maciekpalmowski.dev to Spain if you push for having English tracks in any Spanish WordCamp.