WPDigest.io

Menu
Partner With Us
Digest-115

Digest 115: Roadmap to 6.9. New AI builder. 3 Security Alerts

Digest / Leave a Comment
WPDigest Logo

This week’s digest is packed with critical news: a major roadmap for WordPress 6.9, new AI tools for content creators, and urgent security warnings affecting millions of sites. Dive in for all the essential updates you need. 👇

Kinsta_black

Kinsta – The Future of WordPress Hosting is Here
Speed and security, powered by the best of Google Cloud. Kinsta’s premium hosting is engineered for peak performance, helping over 120,000 businesses deliver a flawless user experience. With 37+ global data centers, we keep your site lightning-fast, everywhere.

Boost your website’s performance today.

SERPForge

SERP ForgeTransform Clicks into Customers
Don’t just create great content—make sure it gets found. SERP Forge delivers powerful SEO and content marketing strategies designed to cut through the competition. We’ll help you earn more traffic, more leads, and more conversions.

Ready to get found? Get in touch..

↑ Brought to you with support from these partners

đź’ˇ WordPress Spotlight

  • Slim SEO Pro Introduces Writing Assistant for Smarter Content
    Slim SEO Pro has launched a new Writing Assistant feature that helps creators balance readability with SEO. Inside the editor, it checks keyword usage, media, internal links, slug length, readability, and more—giving real-time feedback without overwhelming you with rigid “rules.” Instead, it offers friendly nudges like shortening slugs, breaking up long paragraphs, or adding alt text. The result: content that’s easier to read, looks polished, and performs better in search engines. (Source)
  • pCloud Web Launches “Photos” for Faster, Smarter Browsing
    pCloud has rolled out a new Photos experience on its web platform, designed to make managing memories effortless. The update delivers lightning-fast access, a clutter-free layout, and a timeline view that organizes images in the order they were captured. Instead of digging through endless folders, users can now browse their photo library in seconds. This release also lays the groundwork for upcoming features to improve search, organization, and sharing—making photo storage feel less like file management and more like reliving your story. (Source)
  • Critical Vulnerability Found in Contact Form Entries Plugin
    A serious security flaw has been discovered in the Contact Form Entries plugin, which stores submissions for Contact Form 7, WPForms, and Elementor Forms. Affecting over 70,000 websites, the vulnerability allows unauthenticated attackers to inject PHP objects, potentially deleting files, triggering denial-of-service attacks, or executing remote code. Sites using Contact Form 7 are especially at risk due to a POP chain that can amplify the attack. Plugin versions up to 1.4.3 are affected—updating to version 1.4.5 is strongly recommended. (Source)
  • Critical Vulnerability in Three WordPress File Manager Plugins
    A serious security flaw affects three popular WordPress file management plugins—File Manager, Advanced File Manager, and File Manager Pro—with a combined installation on over 1.3 million sites. The issue, caused by outdated elFinder versions (≤2.1.64), allows unauthenticated attackers to delete arbitrary files via directory traversal. Exploitation requires the file manager to be publicly accessible, though some plugins need at least subscriber-level authentication. Site owners are strongly advised to update to the latest plugin versions to prevent potential file deletion and site compromise. (Source)
  • WordCamp US 2025 Heads to Portland, Oregon
    WordCamp US 2025 is set for August 26–29 in Portland, Oregon, bringing together developers, designers, and WordPress enthusiasts for four days of learning and networking. The event kicks off with Contributor Day, followed by showcase sessions, keynotes, and expo hall exploration. Attendees can dive into web development trends, accessibility, design, and more, while enjoying Portland’s scenic beauty. Special hotel blocks are available at the Hyatt Regency Portland for convenient lodging. Tickets are limited—secure your spot to connect with the global WordPress community. (Source)
  • Rocket.net Ranks No. 167 on 2025 Inc. 5000 List
     Rocket.net has achieved the No. 167 spot on the 2025 Inc. 5000 list of America’s fastest-growing private companies, marking its first appearance. The managed WordPress hosting provider reported a three-year revenue growth of 2,320%, serving over 45 billion monthly requests with a 50ms site delivery speed. CEO Ben Gaber highlighted the milestone as a testament to the company’s growth and innovative approach. This recognition places Rocket.net among the nation’s fastest-growing hosting companies and underscores its role in empowering SMBs, enterprises, and agencies worldwide. (Source)
  • Meet SmartCreatorPress: A New All-in-One for Creators
    A new all-in-one membership, course, and funnel plugin called SmartCreatorPress (SCP) has hit the market. Built by the team behind Smart Quiz Builder and Smart Forum Builder, SCP is designed for digital creators, coaches, and entrepreneurs. It features an intuitive builder, seamless community and LMS integration, and built-in funnel creation to help users sell and deliver their content all from a single platform. (Source)
  • WP Simple Pay 4.14.0 Unlocks Free Subscriptions & New Templates WP Simple Pay has rolled out version 4.14.0, which makes subscription payments available to all license levels, including the free version. This update also adds two new payment form templates—one for gift vouchers and another for online courses with physical workbooks. Additionally, users can now customize the subscription cancellation message, providing more control over the user experience. (Source)
  • Inside MaxiBlocks: The Philosophy of a Free Gutenberg Builder
    In a new interview with Website Planet, the team behind MaxiBlocks discusses their mission to build a free, open-source Gutenberg page builder. They share insights on their design philosophy, how they balance flexibility with performance, and why they’ve chosen a business model with no locked blocks or domain restrictions. A great read for anyone interested in the future of the block editor. (Source)
  • Ahrefs on AI’s Impact on SERPs
    A new report from Ahrefs analyzes how Search Engine Results Pages (SERPs) have evolved in the AI era. It notes a significant decline in traditional Featured Snippets and a huge increase in AI Overviews, with Sitelinks also seeing a major rise in visibility. (Source)
  • Roadmap to WordPress 6.9
    The official roadmap for WordPress 6.9 has been released, with a target date of December 2, 2025. Key new features include a simplified site-editing experience, expanded template management, the ability to hide blocks from the front end, and block-level commenting. A new Abilities API is also being introduced to make WordPress functionality more accessible to AI systems. (Source)
  • WordPress Credits Internship Program
    The WordPress Foundation has launched a new contribution-focused internship program called WordPress Credits. It aims to help university students get involved in the open-source project, providing them with structured guidance and real-world experience. The pilot program was developed in partnership with the University of Pisa.(Source)
  • WPBeginner Celebrates 16 Years
    WPBeginner is celebrating its 16th anniversary with reflections, updates, and a major giveaway. The post looks back at the journey of the resource site and highlights recent developments. (Source)
  • Vulnerability in WordPress AI Engine Plugin
    A security advisory has been issued for the AI Engine WordPress plugin, affecting up to 100,000 websites. The vulnerability allows authenticated attackers with subscriber-level access to upload malicious files, potentially leading to remote code execution. (Source)
  • WooCommerce Customer Review Plugin Vulnerability
    A stored XSS vulnerability has been found in the Customer Reviews for WooCommerce plugin, affecting over 80,000 sites. The flaw could allow unauthenticated attackers to inject malicious scripts into web pages. (Source)
  • WordPress Contact Form Entries Plugin Vulnerability
    A high-severity vulnerability affects the “Redirection for Contact Form 7” add-on, which is installed on over 300,000 websites. The flaw could allow unauthenticated attackers to delete arbitrary files, potentially leading to remote code execution. (Source)
  • Vulnerability in 3 WordPress File Plugins
    An advisory has been issued for three WordPress file management plugins, affecting over 1.3 million sites. The vulnerability is caused by outdated versions of the elFinder file manager, which could allow unauthenticated attackers to delete arbitrary files on the server. (Source)
  • Critical Vulnerability Affects Tutor LMS Pro Plugin
    A critical vulnerability has been discovered in the Tutor LMS Pro plugin. The flaw, rated 8.8, is a time-based SQL injection that could allow authenticated attackers to extract sensitive information from the database. (Source)

kinsta-affiliate-banner

🏷️ Exclusive Deals Digest

Unlock incredible lifetime deals on the best WordPress tools and services, saving you money while enhancing your website. Don’t miss out on exclusive offers that can transform your WordPress experience.

Browse Lifetime Deals Now

✨ Fresh Features Rollout

  1. Gutenberg 18.4 Brings Usability Improvements
    The latest update to Gutenberg, version 18.4, includes several usability improvements for the block editor. Notable changes include enhancements to the Grid block, a new keyboard shortcut, and various bug and accessibility fixes. (Source)
  2. WooCommerce 10.0: Investing in Accessibility
    WooCommerce 10.0 focuses on making your online store more accessible. This release is built to be fully conformant with WCAG 2.2 Level AA and includes improvements to semantic markup, keyboard navigation, and form error handling. The update also introduces shareable checkout URLs and a more efficient CSV product importer. (Source)
  3. Introducing the Lubus Responsive Tabs Block
    A new, free plugin from Lubus.in, the Responsive Tabs Block, is now available for the WordPress block editor. This accessible and responsive block allows you to easily create content tabs to condense long-form content and improve user experience. (Source)
  4. FlyingPress Adds Cloudflare Full Page Caching
    FlyingPress has introduced a new Cloudflare integration that enables full page caching for your site. By using Cloudflare’s global edge network, the integration helps reduce Time to First Byte (TTFB) and lowers server load, all while working with Cloudflare’s free plan. (Source)
  5. ACF PRO 6.5 Enhances Flexible Content Field
    Advanced Custom Fields (ACF) PRO 6.5 brings major improvements to the Flexible Content field, making it easier for content editors to manage complex pages. New features include the ability to rename and disable layouts, bulk collapse and expand layouts, and a visual highlight of the active layout during editing. (Source)
  6. AIOSEO Launches AI Content Generator
    All in One SEO (AIOSEO) has released a new AI Content Generator feature. Available for both Lite and Pro users, this tool can instantly create optimized content such as FAQ blocks with schema, key points, and social media posts directly within the WordPress editor. (Source)
  7. Charitable Integrates with Square Payments
    The popular donation plugin Charitable now includes a built-in integration with Square. This new feature allows you to accept one-time and recurring donations securely on your website, with no additional add-ons required. (Source)
  8. WP Consent 1.0.9 Offers Enhanced Geolocation and Blocking
    WP Consent 1.0.9 improves its geolocation features, allowing you to easily customize cookie consent settings for different regions with pre-configured templates for major privacy regulations. The update also gives you more control over manually blocking custom scripts and iframes until consent is granted. (Source)
  9. WPForms Announces Entry Automation
    The new Entry Automation add-on for WPForms allows users to automate tasks like exporting or deleting form entries on a specified schedule. It supports exporting to various formats (CSV, XLSX, JSON, PDF) and destinations (email, FTP, Dropbox, Google Drive). (Source)
  10. InstaWP Version 3
    A video provides an overview of InstaWP version 3, which introduces a new interface and pricing model. The platform allows for quick creation of WordPress development sites with features like snapshots and templates. The new pricing includes a free 48-hour option and a flexible paid “sandbox” plan. (Source)
  11. Divi 5’s New Extend Attributes Feature
    Elegant Themes introduces “Extend Attributes” in Divi 5, an upgrade from Divi 4’s “Extend Styles.” This new feature allows users to propagate almost any module setting—including content, interactions, and animation behaviors—to other elements, significantly broadening its scope beyond just visual styles. (Source)
  12. GeneratePress Introduces Podcast Starter Sites
    GeneratePress has released three new starter sites specifically designed for podcasters. These pre-built templates aim to help users create a fast and engaging site to establish their podcast brand. (Source)
  13. BuddyBoss App Multilingual Support
    The BuddyBoss App now offers multilingual support, allowing every community member to choose their preferred language. The feature aims to help communities expand globally and maintain consistency across cultures. (Source)
  14. SearchWP’s Multiple Results Templates
    SearchWP has launched a new feature that allows users to create unlimited custom search results pages for their WordPress websites. The new “Search Results” block also allows these templates to be added anywhere on a site without code. (Source)
  15. WordPress Maintenance Releases
    Maintenance releases for WordPress branches 4.7 to 6.7 are now available. These updates backport a security certificate bundle update to ensure that older sites use the most up-to-date trusted security certificates. (Source)

🆕 Fresh Releases

  1. Envira CDN: A New Image CDN for WordPress
    Envira Gallery has launched a new product, Envira CDN, a lightning-fast content delivery network designed specifically for WordPress images. It automatically offloads your images to a global network of 335+ locations, resizing and converting them to the most efficient format (like WebP) on the fly. This promises faster loading times and better SEO without complex setup. (Source)
  2. Introducing FluentCart: A New All-in-One eCommerce Plugin
    A new eCommerce plugin, FluentCart, is now available for WordPress. Built by the team behind FluentCRM and Fluent Forms, this solution aims to be a lightweight, fast alternative to other platforms. It features built-in support for physical, digital, and subscription products, as well as native integrations with popular payment gateways like Stripe and PayPal. (Source)
  3. AI Builder: A New AI-Powered Tool for Gutenberg
    A new plugin called AI Builder is now available on the WordPress repository, promising to transform website creation by embedding AI tools directly into the Gutenberg editor. It allows you to generate complete pages, content blocks, text, and images from simple prompts, helping you build professional sites faster without writing any code. (Source)

🗓️ Mark Your Calendar 

If you’re looking for opportunities to network and learn, check out these upcoming WordPress events and meetups:

That’s a wrap for this week’s WPDigest! Stay tuned for more exciting WordPress updates next week.

Want to feature your WordPress product, service, or update news? Submit it for free using our form, helping spread the goodness of WordPress!

đź“© Enjoyed this digest? Share it with your network!

Must Read

Leave a Comment

Your email address will not be published. Required fields are marked *