WordPress 6.2.1 was released yesterday and rolled out to sites with automatic background updates enabled. The update included five important security fixes. Ordinarily, a maintenance and security release can be trusted not to break a website, but many users are struggling after 6.2.1 removed shortcode support from block templates. A support forum thread tracking the…
WordPress 6.2.1 was released today. Those with automatic background updates enabled should see a notice in their email, as updates rolled out earlier today. This is a maintenance and security release that includes important fixes for five security vulnerabilities outlined by core contributor and release co-lead Jb Audras: The patches were backported to WordPress 4.1.…
WordPress is approaching its 20th anniversary, and for the majority of those years, contributors have cranked out a new default theme. Even though the structure and supported features of default themes have drastically changed over the years, contributors are still actively maintaining all 13 of the “Twenty” themes. A new proposal on WordPress.org recommends winding…
On May 5, Patchstack published a security advisory about a high severity reflected cross-site scripting (XSS) vulnerability in ACF (Advanced Custom Fields), potentially affecting more than 4.5 million users. WP Engine patched the vulnerability on May 4, but the Akamai Security Intelligence Group (SIG) is reporting that attackers began attempting to exploit it within 24…
Themeum, a WordPress theme and plugin company founded in 2013, has acquired the Kirki Customizer Framework plugin from its former developer, David Vongries. In April 2023, Vongries announced he was sunsetting the product and discontinuing development. He put the plugin up for sale for $30K and sold it for just under the asking price. “I met the…
WP Engine has launched an annual survey for Advanced Custom Fields (ACF), one of the plugins it acquired from Delicious Brains in 2022. ACF reports more than 4.5 million active users, including PRO site installs, and WP Engine Product Manager Iain Poulson reports that the plugin is “growing in every way since the acquisition.” ACF…
Essential Addons for Elementor, a plugin with more than a million active installs, has patched an unauthenticated privilege escalation vulnerability in version 5.7.2. The vulnerability was discovered on May 8, 2023, and reported by Patchstack researcher Rafie Muhammad. It was given a 9.8 (Critical severity) CVSS 3.1 score and is not yet known to have been…
WordCamp US 2023, which is being held August 23-25 in National Harbor, has opened its call for speaker applications. If financial considerations are preventing anyone from applying, there are scholarships and grants available to help cover travel expenses. WCUS is now accepting applications for the Kim Parsell Memorial Scholarship for travel. This particular scholarship applies…
The WordPress Themes Directory is now hosting more than 300 block themes, a milestone for the dedicated theme developers who have persevered through the growing pains and evolution of block theming. WP Engine is one of the newest theme authors who helped put the directory over the 300 mark with its submission of Frost. With…
WooCommerce 7.7.0 was released this week with Multichannel Marketing now out of beta. This is the first thing store owners see when they visit the Marketing page in the dashboard. It allows users to connect additional sales channels, such as Google, Amazon, and eBay, and automatically manage inventory across storefronts. This addition makes WooCommerce more…
WordPress’ Community Team hailed a new era of WordCamps in its recent announcement outlining a significant shift in the purpose for the events. In the past, WordCamps have had a mostly predictable format of presenting inspirational talks on exciting things people are doing with WordPress, business topics, and the latest trends, with short networking opportunities…
As AI-powered technology is rapidly evolving to exponentially extend human capabilities, WordPress contributors do not want the platform to get left behind. AI-powered website creation could even become a threat to its existence, more than a competing CMS, if WordPress doesn’t ensure the platform is easily pluggable for AI-powered extensions. A new discussion on the…
Advanced Custom Fields (ACF) has patched a reflected XSS vulnerability that affects versions 6.1.5 and below of ACF and ACF Pro, potentially impacting more than 2+ million users. It was discovered by Patchstack researcher Rafie Muhammad in May 2, 2023, and patched by ACF developers in version 6.1.6 on May 4, 2023. Patchstack published a security…
Gutenberg 15.7 was released this week, adding Site Logo upload and replacement from the inspector controls sidebar. This feature is still available in the block toolbar but it feels like a natural addition to the inspector, as it was previously available in a similar fashion in the Customizer. Here users can easily adjust the logo…
Caseproof, makers of MemberPress, has acquired WishList Products, the parent company of WishList Member and CourseCure. The Wishlist team, with the exception of co-founder Tracy Childers, will continue supporting and developing the products under the leadership of Caseproof founder Blair Williams. WishList Member is one of the longest running WordPress membership plugins with a 14-year…