6,000 WordPress Sites Affected by Arbitrary File Move Vulnerability in Drag and Drop Multiple File Upload for WooCommerce WordPress Plugin

Plugins / ,

Wordfence's Bug Bounty Program offers up to $31,200 per vulnerability. On March 28, 2025, a vulnerability in the “Drag and Drop Multiple File Upload for WooCommerce” plugin was reported, allowing unauthenticated users to move critical files. Researcher Phat RiO earned $315 for the find. Users should update to version 1.1.5 to protect against this critical flaw, which could lead to site takeover. The vulnerability was disclosed and patched promptly by the developer.

https://www.wordfence.com/blog/2025/04/6000-wordpress-sites-affected-by-arbitrary-file-move-vulnerability-in-drag-and-drop-multiple-file-upload-for-woocommerce-wordpress-plugin/

The 6 Best Translation Plugins for WordPress (Including Auto-Translation)

Plugins /

TLDR: Expanding a WordPress site to multiple languages is easier with translation plugins. Manual translation is time-consuming and costly, while automatic tools like Google Translate are faster but less accurate. Hybrid options blend both methods for efficiency. Key features to look for include ease of use, AI assistance, SEO capabilities, and compatibility with themes/plugins. Top plugins reviewed include Jetpack AI Assistant, WPML, Polylang, TranslatePress, GTranslate, and Weglot, each offering unique features and pricing. Jetpack AI Assistant is highlighted as the best due to its integration and ease of use.

https://jetpack.com/resources/best-wordpress-translation-plugins/

WordPress 6.8 “Cecil”

WordPress /

WordPress 6.8, “Cecil,” honors jazz musician Cecil Taylor. This version enhances site management with new features like a structured Style Book, faster page loads through speculative loading, improved password security via bcrypt, and over 100 accessibility fixes. The update prioritizes performance boosts for editing and navigation, encouraging users to explore the innovative changes. Details on installation and enhancements are found in the release notes. The release involved over 900 contributors. Download WordPress 6.8 “Cecil”.

https://wordpress.org/news/2025/04/cecil/

Introducing GenerateBlocks 2.1

Themes /

Alpha versions for development/staging only. GenerateBlocks 2.1.0-alpha.1 released on April 15, 2025. Enhanced control for block design with new features: styles builder indicator system, device visibility controls (Pro), iFrame editor support, static position control, ARIA-label fields, inline-grid layout, and customizable tab/accordion tags (Pro). Improved performance, usability tweaks, and key bug fixes included. Update GeneratePress theme to 3.6.0 for seamless integration. Enhanced experience for all WordPress users, simplifying site creation.

https://generatepress.com/introducing-generateblocks-2-1/

GenerateBlocks 2.1.0

Themes /

Alpha testing version released. Features added: full iframe editor, improved styles indicator, static position value, aria-label field for blocks, inline-grid option, inherited values as placeholders. Fixes include: missing query parameter, color picker support, unit typing issues, block preview styles, and various editor enhancements. Tweaks enhance performance, visibility features, block keywords, and CSS filtering. Release post linked.

https://generatepress.com/generateblocks-2-1-0/

Scroll to Top