Update UpdraftPlus free to 1.26.5+ or Premium to 2.26.5+, then verify backups, remote management, admin users, and restore points safely.
Update Everest Forms to 3.4.8 or newer after CVE-2026-3296 and CVE-2026-5478, then review forms, uploads, users, and site files safely.
Advanced Custom Fields: Extended CVE-2026-8809 affects versions through 0.9.2.5. Update to 0.9.2.6 or newer, then review WordPress admin users and public user forms.
Kirki CVE-2026-8206 affects versions 6.0.0 through 6.0.6 and is reportedly under active attack. Update to 6.0.7 or newer, then review WordPress admin accounts.
Meta Business Agent is rolling out for WhatsApp Business. Here is the WordPress and WooCommerce checklist for setup, eligibility, handoff rules, privacy, testing, and on-site chat.
WooCommerce 10.9 beta 1 is available now. Test checkout performance, email logging, product editor beta warnings, swatches, variation galleries, and extension compatibility on staging.
Uncanny Automator 7.3.1 adds useful fixes for WordPress automation sites. Update, test recipes, review Uncanny Agent visibility, and verify WooCommerce, forms, and LMS workflows.
Patch WooCommerce Custom Product Addons Pro CVE-2026-4001, verify product options, review WooCommerce orders, and inspect the site after a critical plugin update.
WordPress.org added a temporary 24-hour cooldown before plugin and theme releases flow through auto-updates. Here is what site owners, agencies, and hosts should do.
Patch CVE-2026-48837 by updating Unlimited Elements for Elementor to 2.0.9 or newer. WordPress.org currently lists version 2.0.10.
