#225- WCUS 2025 Social Media Stir, Automattic Turns 20, WP to End Support for Old Versions

Hello!

This week on The WP Week Newsletter, we cover the WCUS 2025 social media post that sparked community-wide discussions, Automattic turning 20, WordPress to drop support for versions 4.1-4.6 soon, exciting new projects, and more.

Don’t forget to subscribe and listen to the podcast version of this newsletter, where you can hear more details and discussions about these topics and more.

See you next week!

Team WP-CONTENT.CO

🙌 This weekly newsletter is kindly sponsored by Kinsta, Omnisend, and WP Job Openings

Kinsta – Highest-rated managed WordPress hosting provider on G2 Check it out  →

Boost your sales with email & SMS—without breaking the bank Check it out  →

Create a career page and start recruiting talents in a few minutes Check it out  →

🗣️TALK OF THE TOWN

A social media post on X stating that WordCamp US 2025 is an Automattic event sparked a community-wide discussion.  It was posted as a reply to developer Daniel Hayes Smith, and later a clarification was provided regarding it, “ Lots of assumptions, my apologies. I’m a new community member without all the facts and just volunteering to help an event that has personally supported me and given me tons of value.”

The team later made it clear that it is not an Automattic-run event: ” We’d like to clarify: WordCamp US, like all WordCamps, is not an Automattic-run event. It’s organized by the broader WordPress community, with programming led by a diverse group of contributors.”

📰  WORDPRESS & AROUND

All the updates around WordPress and its closely related technologies

Starting July 2025, the WordPress Security Team will no longer provide updates for WordPress versions 4.1 through 4.6. While official support is limited to the latest WordPress release, the team has long offered backported security fixes to older versions in the hope that the sites will be updated to the latest version.

  • Survey: Which WP accessibility documentation do you need?: Work is progressing on enhancing the accessibility documentation in the team’s Handbook, and your input can help shape it. If you’d like to share what you think is important to include, please take a moment to fill out the feedback form.
  • Five for the Future WCEU25 chat: At WCEU 2025, WordPress leaders, contributors, and sponsors came together for a deep dive into the future of contribution. The discussion centered around evolving Five for the Future (5ftF), addressing burnout, redefining what counts as contribution, and improving governance, funding, and recognition across the ecosystem.
  • The Incident Response Team is looking for new members: The applications are now open and will remain open until July 6, 2025.
  • Celebrating 20 Years of Automattic: On June 20, 2025, Automattic marked its 20th anniversary. Founded in 2005 by Matt Mullenweg after hiring Donncha Ó Caoimh, the company has grown from a small team to a global force of over 1,480 employees in 82 countries. Matt also wrote about the occasion, stating, “Gosh, it’s been quite a journey, and it still feels like we’re just getting started in so many areas.”
  • WooCommerce 9.9.4: Fixes and an updated email rollout: WooCommerce 9.9.4, release focused on stability improvements, security enhancements, and bug fixes. Key changes include pausing the automatic rollout of the new email design (now manual opt-in), sanitizing admin report inputs to prevent SQL injection, and more. Additionally, WooCommerce 9.9.5 has been released, which fixed the unwanted block styles loading on all pages in classic themes. Also, WooCommerce 10.0 is currently scheduled for release on July 7, 2025..
  • Attackers actively exploiting critical vulnerability in Motors Theme: A critical privilege escalation vulnerability (CVE-2025-4322) was discovered in the popular Motors WordPress theme (≤5.6.67), allowing unauthenticated attackers to reset user passwords including admins and take over sites. All users are to update to the latest version immediately.
  • 100,000 WordPress sites affected by privilege escalation via MCP in AI Engine WordPress plugin: This vulnerability can be exploited by authenticated attackers, with subscriber-level access and above, to get full access to the MCP and execute various commands like ‘wp_update_user’, allowing them to escalate their privileges to administrators by updating their user role. The vulnervilty was patched and users are to update to the latest version.
  • Malicious WordPress plugin creates hidden admin user backdoor: The Sucuri team discovered a malicious WordPress plugin disguised as php-ini.php that was found creating a hidden admin user named mr_administartor. The plugin executed code only when a specific URL parameter was triggered, quietly adding a backdoor admin account. The team also discovered another malicious plugin named wordpress-player.php that was found redirecting site visitors to suspicious websites after a few seconds.
  • A deep dive into a modular malware family: This in-depth analysis by Wordfence reveals a modular and evolving malware framework actively targeting WordPress sites since 2023. Initially disguised as a rogue WordPress plugin, the malware exhibits sophisticated features: credit card skimming, login credential theft, ad fraud, and even backend manipulation to hide fraudulent transactions.
  • Google adds AI Mode Traffic to Search Console Reports: Google updates documents to show that it now includes AI Mode traffic in Search Console Performance reports.
  • Google launches ‘Search Live’ real-time voice search in AI mode: Google Search Live with real-time voice conversations is now available in AI Mode for U.S. users. Talk to search, get audio responses plus web links.

💵 INVESTMENTS, ACQUISITIONS & PARTNERSHIPS

👥 COMMUNITY NEWS

Updates and News from the WordPress Community

Originally set for June 5, 2025, the hearing was vacated due to the Court’s full calendar. It will now take place on August 28, 2025, at 2:00 PM, as approved by Judge Araceli Martínez-Olguín. WordCamp US 2025 is scheduled to run from August 26 to 29, overlapping with the new hearing date.

🚀 NEW PROJECTS

🔖 INTERESTING READS & PODCASTS

More posts and podcasts from the WordPress Community you don’t want to miss

🛠 GUIDE ZONE – HOWTO’S and MORE

Handpicked fresh guides from WordPress circle

📆 SAVE THE DATES

Do not miss a WordPress event ever again

🎁 WORDPRESS DEALS OF THE WEEK

Again, these are the best deals of the week, handpicked by yours!

EXCLUSIVE DEALS
  • 4 Months free offer on hosting plans of WP Engine (Coupon Code- FREEDOMTOCREATE)
  • 10% off on monthly & annual plans at SureTriggers (Coupon Code- WPCONTENT10)
  • 15% off yearly plans at Videvo (Coupon Code – WPV15)
MORE DEALS

This weekly newsletter is kindly sponsored by awesome WordPress Companies 🦸‍♂️🙌

Create a career page and start recruiting talents in a few minutes Check it out  →

Kinsta – Highest-rated managed WordPress hosting provider on G2 Check it out  →

Boost your sales with email & SMS—without breaking the bank Check it out  →

Last but not least, updates from WP-CONTENT.CO 👇

An effort to improve accessibility documentation for WordPress officially kicked off during Contributor Day at WordCamp Europe 2025…

A successful digital marketing strategy isn’t just about the conversions, but also about knowing which campaigns drove those…

A new initiative called FAIR, short for Federated and Independent Repositories, aims to reduce reliance on the centralized…

After years of growing and evolving, Do the Woo, originally launched by Bob Dunn in 2016 as a…

Team WP-CONTENT.CO

This weekly newsletter is kindly sponsored by Kinsta, Omnisend, and WP Job Openings

Built with Newsletter Glue.