WordPress 6.8.3 has been released as a security update that fixes two issues, and applying it urgently on all sites is recommended.
Remember that you can listen to this program from Pocket Casts, Spotify, and Apple Podcasts or subscribe to the feed directly.
Program transcript
Hello, I'm Alicia Ireland, and you're listening to WPpodcast, bringing the weekly news from the WordPress Community.
In this episode, you'll find the information from September 29 to October 5, 2025.
WordPress 6.8.3 is now available as a security release. It includes two fixes: a data exposure issue that allowed authenticated users to access restricted content, and an XSS vulnerability in navigation menus that required an authenticated role.
The update is applied automatically on sites with background updates enabled. All users are advised to update as soon as possible. These fixes have also been backported to previous supported branches, from 4.7 onwards.
WordPress 6.9 will introduce border radius size presets, a new option for theme developers. They can be defined in the theme.json file, creating a list of values with name, slug, and CSS size. This generates reusable variables to apply rounded corners consistently across compatible blocks.
The interface shows a slider or a dropdown depending on the number of presets defined. These values are converted into custom CSS properties, making it easier to maintain a consistent style throughout the theme and simplifying visual editing.
Gutenberg 21.7 arrives with interesting updates. The command palette can now be used across all editor screens, streamlining navigation. A new experimental block, Terms Query, also appears, designed to display taxonomies in a way similar to the post query block. Additionally, unsynced patterns and template parts now have a content-only editing option, and improvements continue in the block-level comments feature.
On the technical side, new controls have been added in DataViews, such as color, password, or phone fields, along with validation improvements. The project continues to receive contributions from collaborators, including several first-time contributors, showing the vitality of the community.
The AI team focused its latest meeting on advancing with the Abilities API and the MCP Adapter, in preparation for WordPress 6.9. It was agreed to limit the scope to include only the API and a couple of small stable tools in core, while other proposals will be tested in the experiments plugin. It was also decided that categories will be required in ability registration, to make organization and interaction with AI easier.
Regarding the MCP Adapter, merging version 0.3, still considered alpha, was approved as soon as possible to expand testing during the 6.9 beta. Although there are community concerns about the stability of the protocol, the team emphasized that the choice of the adapter is precisely to ensure future flexibility if the standard changes.
The Test team is overhauling the Test Handbook, which had not been updated in a long time. The goal is to keep the documentation up to date with new protocols and recent decisions, moving all content to the GitHub repository to improve traceability and collaborative work.
The plan includes syncing existing documentation, reviewing materials such as images or videos, and creating a content manifesto. Once this phase is completed, future improvements will be managed with issues and pull requests in GitHub, ensuring transparency, quality control, and broader community participation.
The Community team has reported that an organizer misused leftover funds from a WordCamp in 2024 for personal expenses, totaling about 734 dollars. Despite several attempts, the money could not be recovered, and new measures have been decided: from now on, global grants will be delivered in several small payments instead of a single one, to reduce the risk of mismanaged leftovers.
As for sanctions, the person involved has been reported to local authorities, permanently banned from organizing and participating in WordPress events, and their WordPress.org and Slack accounts have been permanently blocked. The team stresses that event organization is based on trust, and although this is an isolated case, these measures have been taken to protect the community.
And finally, this podcast is distributed under a Creative Commons license as a derivative version of the podcast in Spanish; you can find all the links for more information, and the podcast in other languages, at WPpodcast.org.
Thanks for listening, and until the next episode!