Wednesday July 5, 2023
This Month in WordPress: June Roundup
June was an exciting month for the WordPress community. WordCamp Europe was successfully hosted in Athens, Greece, and the first beta version of WordPress 6.3, the upcoming major release, was launched by contributors.
But that’s not all that happened in June – Hostinger also released a new feature for WordPress users.
Hostinger Blog Theme
Earlier this month, we launched our Hostinger Blog Theme to simplify the setup process for WordPress sites that we host. This theme is available to Business Web Hosting and Cloud Hosting users who set up their WordPress sites with the hPanel onboarding feature.
The theme was specifically built with the Hostinger AI Content Generator in mind. During the onboarding process, users can enter their business and blog descriptions, and the tool will deliver the website with pre-built content. Moreover, its integration with Unsplash includes relevant stock images for blog visuals.
Read our Hostinger Blog Theme product update post to learn more about these new features and how to use them.
- Refined Site Editor page management – Gutenberg 15.8 introduced a new feature to ease navigation between pages using the Site Editor. Gutenberg 16.0 now allows users to add new pages without leaving the editor.
- Lightbox element – a new option to modify image blocks with lightbox behavior is now available, eliminating the need for an additional plugin with the functionality.
- Changing reusable blocks to patterns – one of the biggest changes introduced with Gutenberg 16.1 involves reusable blocks. They’re now known as synchronized patterns. The merging of reusable blocks and patterns means that it’s now possible to create custom patterns in the editor, removing the need for an additional plugin or coding.
Most importantly, the WordPress 6.3 Beta version has been released for testing. This next major version integrates various features from Gutenberg 15.2 to 16.1 into the core software, along with numerous other enhancements and bug fixes.
You can test this release with the WordPress Beta Tester plugin. Choose the Bleeding edge channel and the Beta/RC Only stream to update your site to the WordPress 6.3 Beta. To keep everything safe during testing, be sure to use a staging website.
Stay tuned – we’ll shortly publish a blog post to inform you of what you can expect from WordPress 6.3.
One of the main highlights of June was WordCamp Europe 2023, which coincided with WordPress’ 20th anniversary. At the same time, the WordPress Community Team has announced exciting news about upcoming WordCamps.
WordCamp Europe 2023
WordCamp Europe 2023 was held in Athens, Greece, from 8 to 10 June 2023. Attended by 2,545 people from 94 countries, it was the biggest flagship WordCamp so far this year.
The event also featured several sessions relevant to recent trends, including 20 years of WordPress and AI presence in the WordPress ecosystem. Read our WordCamp Europe 2023 Roundup to learn about the event’s highlights.
Next-Gen WordCamp Pilot Events
The WordPress Community Team has come out with new ideas for WordCamps and community events. The community is encouraged to experiment with new formats and specific focuses.
After much discussion, 64 ideas were shared for the next-gen WordPress events, with 59 organizers willing to participate. More importantly, eight pilot events have been confirmed, six of which are scheduled for this year:
- Low-cost WordCamp – a WordCamp with attendance limited to 90 people without swag, social dinners, and after-parties. It was held in Leipzig, Germany, on July 1, 2023.
- WordPress Day – held in Sevilla, Spain, on July 2, 2023. This event resembled Contributor Day, with 50 attendees focusing on three specific contribution areas.
- Rural – a quarterly community event organized in rural areas with the aim of teaching WordPress to local communities and people who have limited access to big-city WordPress events. This type of event is being piloted in Spain, with the date still to be determined.
- WordPress for Publishers – a one-day WordPress event in Bangalore, India, targeted at publishers. This event will serve two purposes – existing WordPress users will discuss and brainstorm new WordPress features, while non-WordPress users will get to know WordPress better and make the switch.
- Community Day – scheduled for September 29, 2023, in Rome, Italy. It will gather all WordPress Meetups representatives in the country for event management workshops to ensure healthy and sustainable WordPress communities.
- Scale-up Workshop – a one-day WordPress proficiency workshop event in Tegal, Indonesia, scheduled for October 22, 2023.
These pilot events, while diverse in format, share a common theme – they are smaller and less expensive than traditional WordCamps. These events should pave the way for more affordable community get-togethers, enabling WordPress users to meet more frequently in various engaging formats.
WordPress Playground was a hot topic during WordCamp Europe 2023. As noted by Matt Mullenweg in his State of the Word 2022 keynote address, this browser-based sandbox is becoming increasingly stable and incredibly useful for testing themes, plugins, or even designing a website.
If you would like to experiment with WordPress Playground, simply visit the Playground URL, and you’ll be instantly provided with a temporary site you can tweak. Use the admin bar at the top to enter the admin panel.
What’s cool about the Playground is that you can switch between PHP and WordPress versions, so it’s easy to do compatibility checks for any plugin and theme.
You can also upload and download the website, making it easy to experiment and customize, and then upload your work to your live site.
WordPress Playground has some limitations, though. For example, you can’t install themes or plugins from the directory in the admin panel. Instead, you have to install them manually by uploading ZIP files.
WordPress Security News
When it comes to WordPress security news, we’ve examined the Patchstack database to identify significant security issues in popular plugins. The good news is that fewer vulnerabilities were found this month, and all the popular plugins listed below have already released updates to address these vulnerabilities.
Abandoned Cart Lite for WooCommerce
CVSS Score: 9.8 (Critical Severity)
This abandoned cart plugin for WooCommerce was vulnerable due to broken authentication. It could allow attackers to gain access to user accounts – namely, customers who had abandoned carts in their accounts. Higher-level users, including administrators, were also vulnerable.
While no exploitation has been reported, the developers already fixed this issue with version 5.15.0.
WooCommerce Stripe Payment Gateway
CVSS Score: 7.5 (High Severity)
This WooCommerce-developed plugin with 900,000+ installations was susceptible to two vulnerabilities – broken access control and insecure direct object references. Although they’re different types of vulnerabilities, both could result in malicious actors getting high-level access to a site.
Despite this, they got the same Common Vulnerability Scoring System grade – 7.5. The vulnerabilities were fixed in version 7.4.1. However, almost 50% of active installs still use earlier versions, making over 450,000+ websites vulnerable.
CVSS Score: 9.9 (Critical Severity)
One of the most popular download manager plugins with 100,000+ active installations was vulnerable to critical arbitrary file upload vulnerability. Malicious attackers could upload any type of file to a website, granting them backdoor access to it.
All versions of Download Monitor up to 4.8.3 are vulnerable, with the fix available with version 4.8.4.
Unlimited Elements For Elementor
CVSS Score: 8.3 (High Severity) to 9.9 (Critical Severity)
Multiple vulnerabilities were detected in Unlimited Elements For Elementor plugins, including broken access control, restrictions bypass, and arbitrary file upload. Users who have installed this plugin’s version 1.5.65 and lower are at high risk of security breaches.
If you’re using this plugin, ensure your site is safe by updating it to at least version 1.5.67.
What’s Coming in July
In July, most of the WordPress community’s focus will be dedicated to the upcoming WordPress 6.3. Although the final release is slated for August, you can start testing the Release Candidate version from July 18, 2023.
If you are a website, plugin, or theme developer, we highly recommend testing your products with the Release Candidate version to ensure everything functions as expected.