This week has one clear priority. Update vulnerable plugins before you do anything else.
After that, watch two WordPress 7.1 changes that could make publishing easier. One targets team editing. The other could make image uploads faster and more reliable.
Security: Update these plugins now
Two plugin flaws already sit in attacker playbooks. If you run Burst Statistics or Everest Forms Pro, treat this as a same-day update. Kirki also needs attention because the flaw could hand an attacker one of your user accounts, including an admin account.
Here are the three items that matter:
- Burst Statistics needs version 3.4.2. The vulnerable range runs from 3.4.0 through 3.4.1.1. Attackers can use the bug to become your admin.
- Everest Forms Pro needs version 1.9.13 or later. Attackers can use this flaw to run their own code on your server and take over the site.
- Kirki needs the latest version. The problem sits in the 6.0 release line and lets an attacker hijack the password reset flow.
Do not stop after the update. Check your administrator list, reset admin passwords if anything looks odd, and remove a plugin you cannot patch today. A security plugin helps, but it does not replace the actual update.
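To check an inventory against the three version ranges above, here is an added example (not code from the plugins' authors or from WordPress). It assumes the plugin slugs `burst-statistics`, `everest-forms-pro` and `kirki`, and input shaped like the JSON that `wp plugin list --format=json` prints; the sample data is constructed.

```python
import json
import re

def parse(version):
    """'3.4.1.1' -> (3, 4, 1, 1); trailing zeros dropped so 3.4 == 3.4.0."""
    nums = []
    for part in version.split("."):
        m = re.match(r"\d+", part)
        nums.append(int(m.group()) if m else 0)
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def audit(plugins):
    """Return (slug, installed_version, action) for each plugin the article flags."""
    findings = []
    for p in plugins:
        slug, raw = p["name"], p["version"]
        v = parse(raw)
        # Slugs below are assumptions; the version facts are the article's.
        if slug == "burst-statistics" and parse("3.4.0") <= v <= parse("3.4.1.1"):
            findings.append((slug, raw, "update to 3.4.2"))
        elif slug == "everest-forms-pro" and v < parse("1.9.13"):
            findings.append((slug, raw, "update to 1.9.13 or later"))
        elif slug == "kirki" and (v + (0, 0))[:2] == (6, 0):
            # The article names no fixed version, so this needs a manual check.
            findings.append((slug, raw, "confirm the latest version is installed"))
    return findings

# Constructed sample in the shape of `wp plugin list --format=json` output.
SAMPLE = json.loads("""[
  {"name": "burst-statistics",  "status": "active",   "version": "3.4.1.1"},
  {"name": "everest-forms-pro", "status": "active",   "version": "1.10.0"},
  {"name": "kirki",             "status": "inactive", "version": "6.0.2"},
  {"name": "example-plugin",    "status": "active",   "version": "5.3"}
]""")

if __name__ == "__main__":
    for slug, version, action in audit(SAMPLE):
        print(f"{slug} {version}: {action}")
```

Versions are compared as number tuples because plain string comparison would rank 1.10.0 below 1.9.13 and flag a patched Everest Forms Pro install. For the administrator check, `wp user list --role=administrator` prints the accounts to review.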
WordPress 7.1: Better team editing and smoother image uploads
WordPress 7.1 could improve two jobs that frustrate site owners all the time. The first is working on the same content with other people. The second is uploading large image files without fighting your hosting limits.
Core contributors now want real teams to test collaborative editing ahead of 7.1. This feature lets more than one person work in the same post at the same time, much like a shared document. WordPress 7.0 missed that target, so this round matters. If your staff often step on each other in drafts, keep an eye on the collaborative editing outreach effort. Test it on a staging site, not your live site.
Image handling also looks more promising. Core now tests a system that lets your browser resize and process images before WordPress sends them to the server. That shift could reduce strain on smaller hosting plans and bring more consistent image quality across sites. It could also help WordPress support newer image formats more smoothly. If your site depends on heavy image publishing, watch the client-side media processing test and try it early if you already use beta tools.
Gutenberg 23.3 offers a small preview of where some of this work heads next. It makes the new media crop window the default experience and adds an experimental customizable dashboard. Most site owners can ignore that for now unless they install the Gutenberg plugin to preview upcoming features.