Weekly Roundup: June 15, 2026 – June 21, 2026

This week brought a mixed bag of news for the WordPress community — from exciting new features to some genuinely concerning security issues that demand immediate attention. Let’s break down what happened.

Security Alert: Two Critical Issues Demand Your Attention

We need to talk about security first, because this week highlighted just how vulnerable WordPress sites can be if you’re not staying on top of updates.

Everest Forms Pro is under active attack, and I’m not being dramatic here. This isn’t a theoretical vulnerability — hackers are exploiting it right now to take over sites. If you’re using this plugin, you need to update immediately. Like, stop reading this and go check your plugins dashboard. The flaw is critical enough that attackers can gain complete control of your site, which is about as bad as it gets.

But here’s the story that really caught my attention this week: finding zero-day vulnerabilities in WordPress plugins now costs about $20. Researchers built an AI system that discovered over 300 security flaws in just three days. Think about that for a second. What used to require skilled security researchers and significant time investment can now be automated for pocket change. This fundamentally changes the security landscape for WordPress. The good guys can find vulnerabilities faster, sure — but so can the bad guys.

Product Updates: PPOM Gets a Major Upgrade

On a more positive note, PPOM rolled out version 27.0.0 with some genuinely useful features. If you’re running a WooCommerce store and need custom product fields, the new template library and live preview functionality should make your life considerably easier. It’s the kind of update that might not make headlines, but it’ll save you hours of work if you’re building custom product options.

SEO Resource Roundup

For those of you who geek out on SEO (and let’s be honest, if you’re reading this, you probably should), HackerNoon organized their library of 443 SEO posts by reading time. It’s a small thing, but it’s actually pretty smart. Instead of just throwing everything at you chronologically or by popularity, you can now find content that fits the time you actually have available. Got five minutes? There’s content for that. Want to deep-dive for an hour? They’ve got you covered.

Looking Ahead

The security stories this week aren’t isolated incidents — they’re part of a broader trend we’ll be watching closely. As AI makes vulnerability discovery cheaper and faster, we’re likely to see more disclosures in the coming weeks and months. If you’re running a WordPress site, now’s a good time to audit your plugins, make sure everything’s updated, and maybe set up some automated monitoring if you haven’t already. The game is changing, and staying secure means staying vigilant.