April 2025

50,000 WordPress Sites Affected by Privilege Escalation Vulnerability in Uncanny Automator WordPress Plugin

Wordfence's Bug Bounty Program rewards researchers for reporting vulnerabilities in WordPress plugins, with payouts up to $31,200. A recent submission revealed an Arbitrary File Upload vulnerability in Uncanny Automator, affecting over 50,000 sites. The vulnerability allows authenticated attackers to escalate user roles to administrators. The researcher who reported it earned $1,065. After full disclosure on March 11, the Uncanny Owl team promptly released patches. Users are urged to update to version 6.4.0 to mitigate risk, as the vulnerability poses a serious threat to site security.

https://www.wordfence.com/blog/2025/04/50000-wordpress-sites-affected-by-privilege-escalation-vulnerability-in-uncanny-automator-wordpress-plugin/

Wordfence Intelligence Weekly WordPress Vulnerability Report (March 24, 2025 to March 30, 2025)

Wordfence offers a free Bug Bounty Program for WordPress plugins/themes, rewarding up to $31,200 per vulnerability. Last week, 392 vulnerabilities in 345 plugins and 15 themes were reported. Wordfence aims to provide security insights to the WordPress community, offering free tools for vulnerability detection. They deployed new firewall rules and disclosed vulnerability statistics: 213 patched and 179 unpatched, with severities ranging from low to critical. Additionally, many researchers contributed to identifying vulnerabilities, with a call for more to join the effort.

https://www.wordfence.com/blog/2025/04/wordfence-intelligence-weekly-wordpress-vulnerability-report-march-24-2025-to-march-30-2025/

How to Create a Blog on WordPress: Beginner’s Guide With Top Tools

Start a WordPress blog to share ideas or earn income. This guide covers domain selection, hosting, WordPress installation, theme choice, essential plugins, settings configuration, and performance optimization. Steps include choosing between WordPress.com (hosted) and WordPress.org (self-hosted), selecting a domain, installing WordPress, adding themes and plugins, publishing posts, securing the blog, and monetization options like affiliate marketing and ads. Use tools like Jetpack and Google Analytics to track performance. Proper setup and strategy can lead to a successful blog.

https://jetpack.com/resources/how-to-create-a-blog-on-wordpress/

From Chaos to Control With ACF: How Agencies Can Tame the WordPress Block Editor for Efficiency & Design Integrity

WordPress Block Editor aids content creation but can lead to chaos post-launch for agencies. At DE{CODE} 2025, we’ll discuss how ACF provides control via relational content architecture, reducing content debt by 70% with reusable rows and dynamic blocks. We’ll also cover strategies for simplifying the editorial experience while maintaining design integrity. ACF’s future features will enhance agency workflows. Join us to learn actionable strategies for efficient site management. Register now for DE{CODE} 2025.

https://www.advancedcustomfields.com/blog/from-chaos-to-control-with-acf/

Case Study: Unleashing Creativity and Performance With GeneratePress and GenerateBlocks 2.0

Leonardo Iannelli redesigned his personal website using GeneratePress and GenerateBlocks 2.0, showcasing its aesthetic and functional capabilities. He aimed for creative freedom, performance, efficient workflow, and scalability. Despite challenges like a learning curve and complex design needs, he leveraged GeneratePress’s lightweight framework and GenerateBlocks’ modular features, achieving a fast, beautiful site in under a month. Users praised its elegance and performance, and Leonardo plans to explore further tools for scalability. The case study illustrates how GeneratePress and GenerateBlocks can efficiently bring design visions to life.

https://generatepress.com/generate-blocks-2-case-study-leonardo-ianelli/

Astra 4.9.1 – Accessibility Enhancement & Bug Fixes

Astra v4.9.1 released with improved accessibility, Elementor compatibility, and various bug fixes for a smoother experience. Key changes include added ARIA attributes, fixed WooCommerce eye icon placement, and issues with customizer color options, cart scrolling, quiz labels, and submenu navigation on tablets. Update recommended for best performance. Support available for questions.

https://wpastra.com/changelog/astra-4-9-1-accessibility-enhancement-bug-fixes/

WordPress 6.8 Release Candidate 2

Release Candidate 2 (RC2) for WordPress 6.8 is available for testing. Do not install it on production sites; use a test server instead. The release is targeted for April 15, 2025. Testing can be done via the WordPress Beta Tester plugin, direct download, command line, or WordPress Playground. Contributions in testing, vulnerability reporting, theme/plugin updates, and translations are encouraged. A haiku expresses the anticipation of bug squashing before the release.

https://wordpress.org/news/2025/04/wordpress-6-8-release-candidate-2/
