WordPress 6.2.2 was released early this morning as a rapid follow-up to 6.2.1, which introduced a bug that broke shortcode support in block templates. Version 6.2.1 was also an important security release, but due to the catastrophic breakage for those using shortcodes in block templates, some users were implementing insecure workarounds or simply downgrading to 6.2 to keep critical functionality …
WordPress 6.3 Development Kicks Off to Conclude Gutenberg Phase 2
The WordPress 6.3 development cycle has begun and work is already underway on an ambitious list of features that will debut in the upcoming major release. It will cap off Phase 2 of the Gutenberg project, with an emphasis on polishing customization features and making them easier to use. WordPress 6.3 Editor Triage co-lead Anne McCarthy published a roadmap to …
WordPress Is Developing a Command Center for Quick Search and Navigation Inside the Admin
WordPress may soon be getting a Command Center, which would function as a quick search component for navigating to other areas of the admin, and would also be capable of running commands. The feature was introduced in Gutenberg 15.6 under the Experimental flag and currently has limited use in the Site Editor context while navigating and editing templates. The Command …
WordPress 6.2.1 Update Breaks Shortcode Support in Block Templates
WordPress 6.2.1 was released yesterday and rolled out to sites with automatic background updates enabled. The update included five important security fixes. Ordinarily, a maintenance and security release can be trusted not to break a website, but many users are struggling after 6.2.1 removed shortcode support from block templates. A support forum thread tracking the broken shortcodes issue shows that …
WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities
WordPress 6.2.1 was released today. Those with automatic background updates enabled should see a notice in their email, as updates rolled out earlier today. This is a maintenance and security release that includes important fixes for five security vulnerabilities outlined by core contributor and release co-lead Jb Audras: Block themes parsing shortcodes in user generated data; A CSRF issue updating …
ACF Plugin’s Reflected XSS Vulnerability Attracts Exploit Attempts Within 24 Hours of Public Announcement
On May 5, Patchstack published a security advisory about a high severity reflected cross-site scripting (XSS) vulnerability in ACF (Advanced Custom Fields), potentially affecting more than 4.5 million users. WP Engine patched the vulnerability on May 4, but the Akamai Security Intelligence Group (SIG) is reporting that attackers began attempting to exploit it within 24 hours of Patchstack’s publication. “Once …
Themeum Acquires Kirki Customizer Framework Plugin
Themeum, a WordPress theme and plugin company founded in 2013, has acquired the Kirki Customizer Framework plugin from its former developer, David Vongries. In April 2023, Vongries announced he was sunsetting the product and discontinuing development. He put the plugin up for sale for $30K and sold it for just under the asking price. “I met the Themeum team at WordCamp Europe …
Essential Addons for Elementor Patches Critical Privilege Escalation Vulnerability
Essential Addons for Elementor, a plugin with more than a million active installs, has patched an unauthenticated privilege escalation vulnerability in version 5.7.2. The vulnerability was discovered on May 8, 2023, and reported by Patchstack researcher Rafie Muhammad. It was given a 9.8 (Critical severity) CVSS 3.1 score and is not yet known to have been exploited. Muhammad outlined the vulnerability …
WP Engine Releases Frost, A Free Block Theme for Website Builders
The WordPress Themes Directory is now hosting more than 300 block themes, a milestone for the dedicated theme developers who have persevered through the growing pains and evolution of block theming. WP Engine is one of the newest theme authors who helped put the directory over the 300 mark with its submission of Frost. With its clean, minimal design, 36 …
WordPress Community Team Evolves WordCamp Format to Promote Adoption, Training, and Networking for Professionals
WordPress’ Community Team hailed a new era of WordCamps in its recent announcement outlining a significant shift in the purpose for the events. In the past, WordCamps have had a mostly predictable format of presenting inspirational talks on exciting things people are doing with WordPress, business topics, and the latest trends, with short networking opportunities and a contributor day appended …