Weekly Roundup: June 1, 2026 – June 7, 2026

This week brought a rough reminder that WordPress security never sleeps. We saw multiple vulnerabilities surface across popular plugins, watched WordPress 7.0 land with some unexpected changes (and new security concerns), and covered an essential troubleshooting guide that hopefully you’ll never need to use.

Security Alerts Dominate the Week

It wasn’t a great week for plugin security. Two separate vulnerabilities affecting thousands of sites made headlines, and both deserve your immediate attention if you’re running the affected plugins.

First up, WP Maps Pro had a critical flaw that put over 15,000 WordPress sites at risk of complete takeover. Yeah, you read that right—complete takeover, no credentials needed. If you’re using WP Maps Pro, this should be at the top of your to-do list today.

Then we covered a serious security issue in the Funnel Builder plugin that’s being actively exploited in the wild. Attackers have been using it to inject malicious code into WooCommerce checkout pages and steal payment information. If you’re running an online store with Funnel Builder, you need to patch this immediately and possibly audit your checkout flow for any suspicious activity.

WordPress 7.0 Arrives With Surprises

The big news this week was WordPress 7.0 finally shipping on May 20th, though not quite as expected. The promised real-time collaborative editing feature got yanked just twelve days before launch, which definitely raised some eyebrows. Instead, we got new AI features that are honestly pretty cool—but they come with their own security headaches.

Hackers are already targeting API keys related to these new AI integrations, which means site owners need to be extra careful about how they’re storing and managing those credentials. It’s a reminder that every new feature brings new attack vectors, even when those features are genuinely useful.

Essential Admin Knowledge

Rounding out the week, we published a comprehensive guide on safely downgrading WordPress. Nobody wants to roll back their WordPress version, but sometimes updates break things or create compatibility nightmares that force your hand. This step-by-step guide walks you through the process safely, because the last thing you need when dealing with a broken site is to make things worse.

Looking Ahead

Next week we’ll be keeping a close eye on whether more security issues emerge from WordPress 7.0’s AI features, and we’re expecting some plugin developers to announce how they’re adapting to the new version. We’ll also be watching to see if the collaborative editing feature gets a revised timeline or if it’s been shelved indefinitely. Stay safe out there, and seriously—if you’re running either WP Maps Pro or Funnel Builder, patch those vulnerabilities today.