Google’s Structured Data Updated For Images, TikTok Set To Open Warehouses In The USA, and New WordPress Vulnerability Affects 700,000 Sites.

October 14, 2022 Posted by Sean Walsh News, Round-Up 0 thoughts on “Google’s Structured Data Updated For Images, TikTok Set To Open Warehouses In The USA, and New WordPress Vulnerability Affects 700,000 Sites.”

Welcome to the latest Digital Roundup, keeping you informed of what’s going on across the vast space of the World Wide Web.

This week, Google has made giving image credits a lot easier, TikTok may be competing with Amazon, and a new WordPress has been discovered.

Google Release An Update For Image Structured Data

This week, Google released three new structured data properties which can be used with ‘ImageObject type’, the new properties will allow you to add image credits, copyright information, and image creator information a lot easier through structured data.

Originally you’d need to add this information through IPTC photo metadata.

The homepage for Google displayed on a tablet.

IPTC stands for International Press Telecommunications Council, which serves as the standards body for news media. The IPTC metadata is a way that you can add licensing information to your images.

The changelog from Google on this update states the following:

“Added support for image credits to the Image Metadata structured data documentation.

Previously, you could only provide image credit information with IPTC photo metadata.”

The pages about image licenses have now been updated to reflect the fact that support has been updated to reflect the fact that structured data has been updated.

The page begins with the following statement:

“When you specify image metadata, Google Images can show more details about the image, such as who the creator is, how people can use an image, and credit information.”

The following new data structure properties are:

  • creditText
  • creator
  • copyrightNotice

According to Schema, the data types can be defined as:

  • “creditText
    Text that can be used to credit person(s) and/or organization(s) associated with a published Creative Work.
  • creator
    The creator/author of this CreativeWork. This is the same as the Author property for CreativeWork.
  • copyrightNotice
    Text of notice appropriate for describing the copyright aspects of this Creative Work, ideally indicating the owner of the copyright for the Work.”

Examples of how Structured Data Requirements will look

Google has shown an example of how structured data looked before, and how it now looks:

Before

<script type="application/ld+json">
{
"@context": "https://schema.org/",
"@type": "ImageObject",
"contentUrl": "https://example.com/photos/1x1/black-labrador-puppy.jpg",
"license": "https://example.com/license",
"acquireLicensePage": "https://example.com/how-to-use-my-images"
}
</script>

After

<script type="application/ld+json">
{
"@context": "https://schema.org/",
"@type": "ImageObject",
"contentUrl": "https://example.com/photos/1x1/black-labrador-puppy.jpg",
"license": "https://example.com/license",
"acquireLicensePage": "https://example.com/how-to-use-my-images",
"creditText": "Labrador PhotoLab",
"creator": {
"@type": "Person",
"name": "Brixton Brownstone"
},
"copyrightNotice": "Clara Kent"
}
</script>

These changes have made it a lot easier for website publishers to add the required image licenses and credits.

TikTok Plan to Open Warehouses In The US

An image of the inside of a warehouse with various orange shelves with cardboard boxes on them.

This week saw over a dozen LinkedIn Career postings which suggested that the social media giant TikTok would be getting into warehousing and logistics.

The listings were first notified by Axios, which is a Chinese-owned company, and the postings stated that the company is looking into constructing ‘global fulfilment centres’. Currently, Axios is looking for employees around Seattle and Los Angeles.

“The eCommerce industry has seen tremendous growth in recent years and has become a hotly contested space amongst leading Internet companies, and its future growth cannot be underestimated,” TikTok stated in the posting, “With millions of loyal users globally, we believe TikTok is an ideal platform to deliver a brand new and better e-commerce experience to our users.”

TikTok will be committing to providing warehousing, delivery, and return services for respective merchants. This will also include clearing and supply chain systems.

The above information and findings show that TikTok is committing to revenue generation through eCommerce, which when paired with the platform’s impressive ad revenue, will keep the company growing at a significant rate.

TikTok’s Pledge To ECommerce and Live Shopping

Back in August of 2021, TikTok partnered with Shopify, in order to allow vendors and merchants methods to connect their Shopify shops with TikTok. The idea behind the partnership was to help facilitate brands on the platform by allowing users to organically discover products and by introducing shopping tabs.

TikTok also experimented with live shopping, which is a cultural craze in Asia. However, it was reported that after the experiment, TikTok would be abandoning live shopping plans for the rest of the world because it struggled to become popular.

Now it’s been reported by the Financial Times that TikTok is launching the live shopping initiative again by partnering with TalkShopLive.

Whilst the deal and details haven’t been finalised, the partnership would allow TikTok to outsource live shopping operations. It’s currently unknown if this would be coming to Europe or America.

TikTok’s Warehousing Could Be A Challenge To Amazon

TikTok has established itself as a powerful online company and competitor to Meta, but by creating its own supply chain system, it could begin to challenge Amazon as well.

“By providing warehousing, delivery, and customer service returns, our mission is to help sellers improve their operational capability and efficiency, provide buyers a satisfying shopping experience and ensure fast and sustainable growth of TikTok Shop,” said TikTok.

WordPress Plugin’s Vulnerability Affects 700,000 Sites

The US Government’s NVD (National Vulnerability Database) published an advisory this week regarding a WordPress plugin called Shortcodes Ultimate after it had been discovered that the plugin contains a Cross-Site Request Forgery vulnerability.

Shortcodes is an extremely popular plugin and has over 700,000 installations.

If you have Shortcodes installed on your site, you need to update the version to 5.12.2 in order to plug the hole in the vulnerability ASAP.

An image of a MacBook with some code displayed.

What is a Cross-Site Request Forgery vulnerability?

CSRF, or cross-site request forgery, is a type of vulnerability which can lead to total website takeovers from malicious forces.

This sort of vulnerability is caused by whoever programmed the vulnerability to target a flaw in the plugin’s software, the flaw can trigger a change, which can lead to nasty consequences.

A successful CSRF attack depends on the user, if a user with admin access clicks on a link, they could unintentionally reveal sensitive information such as a session cookie, if this cookie is accessed by someone looking to do damage, they can impersonate the admin.

“CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user’s session cookie, IP address, Windows domain credentials, and so forth. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim.”

– Open Web Application Security Project

The NVD

Not to be confused with the NKVD, the NVD or the National Vulnerability Database published some details about Shortcode Ultimate’s vulnerability, whilst there’s not a complete breakdown, we do know the following.

“Cross-Site Request Forgery (CSRF) vulnerability in Shortcodes Ultimate plugin <= 5.12.0 at WordPress leading to plugin preset settings change.”

The changelog in Github states the following:

“### 5.12.1

**Security release**

This update fixes a security vulnerability in the shortcode generator. Thanks to Dave John for discovering it.”

Dave Jong is the CTO of PatchStack and the one who discovered the vulnerability, the Github patch notes misspelt his name.

Author Profile
Sean Walsh
Director at Intelligency

Sean is a Director at Intelligency heading up our digital marketing and client services operations. Sean has 15+ years experiencing working both in-house and agency with brands including Lloyds, Alstom, Hitachi, Lufthansa, Viaplay, DFDS Seaways and Mercedes-Benz.

Latest Posts

Categories