SudoWP (@sudo_wp)
Adopting & securing abandoned #WordPress plugins. We patch vulnerabilities and maintain legacy code for the community. An initiative by @wprepublic & @amihacked

Joined January 2026
50 Following, 5 Followers
Pinned Tweet
SudoWP@sudo_wp·
The SudoWP project began with a simple problem: a popular plugin was pulled due to security issues, leaving users stranded. Read our origin story on how rescuing "Zurich for ClickFunnels" became the blueprint for everything we do. sudowp.com/blog/the-sudow… #SudoWP #WordPress
Marc@WaterRabbitt·
@oost_marcel If EU Inc. delivers what’s described here — faster setup, lower cost, simpler cross‑border rules — it could remove a lot of friction founders deal with today. The real test will be how consistently it works across all member states.
Marcel van Oost@oost_marcel·
🚨BREAKING: European Commission President Ursula von der Leyen unveiled EU–INC, a new framework that lets you launch a company in 48 hours for under €100

Starting a company across the EU today = 27 legal systems, 60+ company structures 🤯 That might be about to change…

The European Commission just introduced EU Inc., a new optional corporate framework designed to make Europe actually function like one market. Here’s what stands out:

→ Set up a company in 48 hours
→ Cost: < €100
→ Fully online, no minimum capital
→ One single framework across all EU countries
→ Easier share transfers & fundraising
→ EU-wide employee stock options (huge for talent)

Especially the EU-wide stock option plans, taxed only when employees actually sell (instead of when granted) is huge. This makes it far easier for startups to attract and retain top talent, finally putting Europe closer to the US playbook.

Source/More info: ec.europa.eu/commission/pre…

In short: This is Europe trying to compete with the simplicity of a Delaware C-Corp 🇺🇸 And honestly… it’s long overdue.

For years, European founders had 2 choices:
1. Stay local and deal with fragmentation
2. Move to the US to scale

EU Inc. is trying to remove that trade-off. If executed well, this could be one of the most important structural changes for European startups in decades.

What do you think?
Vadym@Warpberry·
@oost_marcel Been seeing news about it for a couple of months now. I wonder, when this system is going to come online? Because if it takes year(s) to implement it just might be too late with where we are on the exponent…
SudoWP@sudo_wp·
"The EU Inc. proposal will now be discussed by the European Parliament and the Council. The Commission will do its utmost to support the co-legislators in this respect with the clear objective to reach an agreement by end of 2026." EU administration is up until now an endless discussion project, hopefully this will change.
SudoWP@sudo_wp·
Tired of hunting down WordPress plugins that were quietly abandoned, leaving your site exposed? SudoWP forks those plugins, patches the security holes, and keeps them maintained. SudoWP Hub brings the entire catalog right into your wp-admin, so you can find and install any patched plugin in one click, the same way you would from the official WordPress directory. No ZIP files. No manual folder renaming. No leaving your dashboard. Install it once, and every SudoWP patch is always one search away. Get it here: sudowp.com/blog/sudowp-hu… #WordPress #WordPressSecurity #WebDevelopment
SudoWP@sudo_wp·
Initially, you definitely need a money-maker plugin; your best bet is targeting the #WooCommerce market—kudos to @mikevalera. Decide on your plugin licensing policy and track sales from day one. If you don’t sell any plugins or licenses within 1–3 months after launch, reconsider your roadmap. Also, keep an eye on how WordPress is advancing with LLMs and support the #WordPress 6.9+ Abilities API. For the latter, check the latest blog post about our SudoWP Radar plugin: sudowp.com/blog/sudowp-ra…
SudoWP@sudo_wp·
@laxmariappan heads up for your @github profile, your site link forwards to your GH repo instead (404 too).
SudoWP@sudo_wp·
WordPress 6.9 introduced the Abilities API. Every registered ability is an entry point for AI agents and MCP tools. Wordfence won't catch this. It scans known CVEs. This is a different problem. SudoWP Radar audits the live registry before the CVE exists. sudowp.com/blog/sudowp-ra…
SudoWP@sudo_wp·
4/4 Full patch breakdown, changelog, and honest caveats (yes, it has a performance cost - it hooks into everything by design): sudowp.com/blog/the-sudow…
SudoWP@sudo_wp·
1/4 Simply Show Hooks plugin was permanently closed on WordPress.org after a supply chain attack (CVE-2024-6297) injected code to create unauthorized admin accounts on affected sites. We forked it from a clean codebase. Here is what changed. sudowp.com/blog/the-sudow…
SudoWP@sudo_wp·
3/4 Every state change now requires a verified WordPress nonce. manage_options is checked at render_action(), notification_switch(), and filter_hooks_panel() - not just at init. The sudowp_hooks_status cookie is now httponly, SameSite: Lax, and HTTPS-only when SSL is active.
SudoWP@sudo_wp·
2/4 The original had no output escaping on hook names or function names rendered to the page. No CSRF protection on the toggle. No capability checks on individual rendering methods. Cookies set without httponly, secure, or SameSite flags.
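The four hardening points from the Simply Show Hooks thread above (nonce on every state change, manage_options checked inside the individual methods, escaped output, cookie flags), sketched as an added example that is not from the thread or from the SudoWP code. Only the sudowp_hooks_status cookie name comes from the thread; every example_* function, the admin-post action and the `status` field are hypothetical.

```php
<?php
// Added illustration only. example_* names, the admin-post action and the
// 'status' field are hypothetical; only the cookie name appears in the thread.

function example_hooks_toggle() {
	// Capability is checked in the handler itself, not only once at init.
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'Forbidden', '', array( 'response' => 403 ) );
	}
	// CSRF: verifies the _wpnonce request field and dies if it is missing or invalid.
	check_admin_referer( 'example_hooks_toggle' );

	// Reduce the input to one of two known values before it is stored.
	$status = ( isset( $_POST['status'] ) && 'on' === $_POST['status'] ) ? 'on' : 'off';

	setcookie(
		'sudowp_hooks_status',
		$status,
		array(
			'expires'  => time() + DAY_IN_SECONDS,
			'path'     => COOKIEPATH,
			'domain'   => COOKIE_DOMAIN,
			'secure'   => is_ssl(), // HTTPS-only when SSL is active
			'httponly' => true,     // not readable from page JavaScript
			'samesite' => 'Lax',
		)
	);

	wp_safe_redirect( wp_get_referer() ? wp_get_referer() : admin_url() );
	exit;
}
add_action( 'admin_post_example_hooks_toggle', 'example_hooks_toggle' );

// Rendering path: re-check the capability and escape every value that is
// written into the page, since hook and callback names are not trusted markup.
function example_render_hook_row( $hook_name, $callback_name ) {
	if ( ! current_user_can( 'manage_options' ) ) {
		return '';
	}
	return sprintf(
		'<li><strong>%s</strong> <code>%s</code></li>',
		esc_html( $hook_name ),
		esc_html( $callback_name )
	);
}
```

The matching form would emit the token with wp_nonce_field( 'example_hooks_toggle' ) and post to admin-post.php with action=example_hooks_toggle.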
SudoWP@sudo_wp·
6/6 Gallery rendering, sliders, shortcodes: unchanged. Drop-in replacement for existing PostGallery installs. Full breakdown and download: sudowp.com/blog/sudowp-po…
SudoWP@sudo_wp·
1/6 The PostGallery WordPress plugin was closed on WordPress.org on Dec 2, 2025. CVE-2025-13543 (CVSS 8.8) left all versions up to 1.12.5 open to arbitrary file uploads. No vendor fix. We forked it.
SudoWP@sudo_wp·
5/6 Every sensitive AJAX action (delete, rename, rotate, save_meta) now requires current_user_can('upload_files'). File names pass through sanitize_file_name() before processing. Subscribers and contributors cannot reach any of it.
SudoWP@sudo_wp·
4/6 SudoWP PostGallery fixes this with a strict allowlist (jpg/jpeg/png/gif/webp only), finfo_file() MIME validation to catch renamed payloads, and removal of all nopriv hooks on file handlers.
SudoWP@sudo_wp·
3/6 It gets worse. The original used nopriv hooks on the upload endpoint. In certain configurations, no account needed at all. Unauthenticated users could reach the uploader directly.
SudoWP@sudo_wp·
2/6 The flaw is in the PostGalleryUploader class. Subscriber-level users could upload a PHP file, have it land in a web-accessible directory, and trigger remote code execution. Classic unrestricted upload vulnerability.
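The upload checks this six-part PostGallery thread lists (extension allowlist, finfo_file() MIME validation, sanitize_file_name(), the upload_files capability, no nopriv hook), sketched as an added example that is not from the thread or from the SudoWP PostGallery code. All example_* names, the `file` field and the AJAX action name are hypothetical, and the sketch covers validation only, not storage.

```php
<?php
// Added illustration only. example_* names, the 'file' field and the AJAX
// action are hypothetical, not taken from SudoWP PostGallery.

// Strict allowlist: extension => the MIME type its content must have.
const EXAMPLE_ALLOWED_IMAGES = array(
	'jpg'  => 'image/jpeg',
	'jpeg' => 'image/jpeg',
	'png'  => 'image/png',
	'gif'  => 'image/gif',
	'webp' => 'image/webp',
);

// Returns the sanitized file name, or a WP_Error when the upload is rejected.
function example_validate_gallery_upload( array $file ) {
	if ( ! current_user_can( 'upload_files' ) ) {
		return new WP_Error( 'forbidden', 'Insufficient capability.' );
	}
	if ( ! isset( $file['error'], $file['tmp_name'], $file['name'] )
		|| UPLOAD_ERR_OK !== $file['error']
		|| ! is_uploaded_file( $file['tmp_name'] ) ) {
		return new WP_Error( 'bad_upload', 'No valid upload.' );
	}
	$name = sanitize_file_name( $file['name'] );
	$ext  = strtolower( pathinfo( $name, PATHINFO_EXTENSION ) );
	if ( ! isset( EXAMPLE_ALLOWED_IMAGES[ $ext ] ) ) {
		return new WP_Error( 'bad_extension', 'File type not allowed.' );
	}
	// Inspect the bytes, not the client-supplied type: a PHP file renamed
	// to .jpg is reported as text, not image/jpeg, and is rejected here.
	$mime = finfo_file( finfo_open( FILEINFO_MIME_TYPE ), $file['tmp_name'] );
	if ( EXAMPLE_ALLOWED_IMAGES[ $ext ] !== $mime ) {
		return new WP_Error( 'bad_content', 'Content does not match extension.' );
	}
	return $name;
}

function example_gallery_upload_ajax() {
	$result = example_validate_gallery_upload( $_FILES['file'] ?? array() );
	if ( is_wp_error( $result ) ) {
		wp_send_json_error( $result->get_error_message(), 403 );
	}
	wp_send_json_success( array( 'name' => $result ) );
}

// Logged-in hook only. With no wp_ajax_nopriv_* registration, anonymous
// requests never reach the handler.
add_action( 'wp_ajax_example_gallery_upload', 'example_gallery_upload_ajax' );
```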
SudoWP@sudo_wp·
@qsandbox Hey there! Devs may be fluent with GitHub, but many WordPress users aren't. Submit the plugin you want to request a patch for @sudo_wp's site HP. We'll review it & get back to you. If approved, the patched version will be pushed to our GitHub: github.com/Sudo-WP/ #easy
SudoWP@sudo_wp·
@wpdemoapp @Orbisius Hi! Can you share some more information about this? Will they be forks or newly developed plugins? Will you add it to the official WordPress repo or under GitHub?