May 2025

10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin

TLDR: Wordfence's 2024 security report highlights an Arbitrary File Read vulnerability in the Eventin WordPress plugin (versions ≤4.0.26) that allows unauthenticated access to sensitive files. The vulnerability was discovered by researcher mikemyers, and a patch (version 4.0.27) was released on April 30, 2025, after reports were validated. Users are urged to update immediately; the Wordfence firewall protects against this vulnerability.

https://www.wordfence.com/blog/2025/05/10000-wordpress-sites-affected-by-arbitrary-file-read-vulnerability-in-eventin-wordpress-plugin/

ACF Chat Fridays: ACF Blocks Inline Editing Demo

ACF Chat Fridays is a monthly meetup for the Advanced Custom Fields community. The May 2, 2025 session featured a demo of inline editing for ACF Blocks, discussed ACF PRO 6.4's release, and encouraged community feedback. Hosted by Iain Poulson and others, it highlighted streamlined workflows and introduced new features while maintaining backward compatibility. Inline editing will be optional and will not initially support certain complex fields. Upcoming sessions are scheduled monthly, with the next on June 6, 2025.

https://www.advancedcustomfields.com/blog/acf-chat-fridays-acf-blocks-inline-editing-demo/

How to Add an Author Bio to Your WordPress Posts

Author bios enhance credibility in WordPress posts, aiding personal branding and SEO. Various methods are available to add bios, including editing user profiles, utilizing theme options, plugins, or manual coding. Key steps involve editing user profiles for bio info, adding profile pictures via Gravatar, and checking theme support for bio sections. Several recommended plugins (e.g., Simple Author Box, WP Post Author) allow for customizable bios, while coding offers full control. Schema markup can improve SEO, and troubleshooting tips address common issues like missing bios or images. Tools like Jetpack AI Assistant can streamline content creation for authors.

https://jetpack.com/resources/add-author-bio-in-wordpress/

WordPress Campus Connect Expands

WordPress Campus Connect, launched in October 2024, is now an official event series after a successful pilot with 400 Indian students. It merges hands-on training with community activities like meetups and scholarships, inspiring interest from other organizations to replicate the model. Future events will target more students with diverse curriculum levels. Recognized as an event series, plans include larger student events and mentorship connections. Key next steps for volunteers involve creating resources, onboarding support, and establishing frameworks for student-led groups. The initiative exemplifies community engagement in WordPress education. Interested participants can join the #campusconnect Slack channel.

https://wordpress.org/news/2025/05/wordpress-campus-connect-expands/

Introducing Four New Starter Sites for Charities on GeneratePress

GeneratePress launched four new Starter Sites for charities and nonprofits: Charity, Youth, Rescue, and Conserve. Designed for ease of use, these templates help organizations create professional, fast, and accessible websites to amplify their missions. Each site is fully customizable, mobile-responsive, donation-ready, and built for performance. Easy installation guides are provided to set up the templates on WordPress. GeneratePress emphasizes a user-friendly experience, allowing nonprofits to maintain high website performance without needing coding skills.

https://generatepress.com/starter-sites-for-charities/

Recently Disclosed SureTriggers Critical Privilege Escalation Vulnerability Under Active Exploitation

On May 2, 2025, a critical vulnerability in the OttoKit: All-in-One Automation Platform (formerly SureTriggers) plugin was added to the Wordfence vulnerability database. It allows unauthenticated attackers and those with a valid application password to gain admin access. Exploitation began the same day, with mass attacks starting May 4, resulting in over 2,400 blocked attempts. Users who have not already done so are advised to update to the patched version 1.0.83. Indicators of compromised sites include suspicious admin account creation patterns. Wordfence customers received protection immediately, while free users will get it by June 1, 2025.

https://www.wordfence.com/blog/2025/05/recently-disclosed-suretriggers-critical-privilege-escalation-vulnerability-under-active-exploitation/
