In addition to the regular feature and product patches typically released, there were a few updates of note last month that may be applicable to your site including:
Security-related Patches in December:
- Elementor, a framework in use on client sites developed by third parties, was once again updated to patch a number of security vulnerabilities.
- Gravity Forms 2.9.24 was released and included added security enhancements.
- Wordfence premium firewall used to protect your sites received improvement updates: 8.1.3 / 8.1.4
- And Defender Pro premium firewall received two feature & improvement updates in December: 5.8.0
Care Plan customers are slowly being migrated to Defender Pro as its feature set is improved and reliability tested.
A major Security Patch was released for the e-commerce solution, WooCommerce. The vulnerability was found in WooCommerce’s Store API and could allow logged-in customers to view order details belonging to guest customers (those who checked out without creating an account). Upon discovery, the Woo development team immediately created patches for all 23 affected WooCommerce versions from 8.1 through 10.4.2.
For the vast majority of Care Plan clients running WooCommerce this vulnerability was not an issue, however for those who may have been affected, the patch was applied to your site as soon as it was made available. IF exploited, it’s important to note that no credit card or other financial details would have been exposed.
If interested, you can read more about the WooCommerce update and security patch here:
https://developer.woocommerce.com/2025/12/10/woocommerce-10-4-the-interactivity-api-mini-cart-goes-live/
All other security patches and affected plugins, including some listed in the overview below, are generally patched via your Care Plan within 24-48 hours of an update becoming available depending upon the severity of the patch.
Other updates to note in December included:
Gravity Forms 2.9.24, Contact Form 7 6.1.4, JetPack 15.3+, Envira Gallery 1.12 / 1.13, NextGen Gallery 4.0.0+, Sugar Calendar 3.10.0, Advanced Custom Fields 6.7.0, Secure Custom Fields 6.7.0-6.8.0, Yoast 26.6, PostSMTP 3.7.0, and the behind-the-scenes plugins used to optimize the operation of your site including: Smart Crawl Pro 3.14.6 (SEO support), Hummingbird Pro 3.18+ (advanced caching), Smush Pro 3.23+ (image compression), and Branda Pro 3.4.28/3.4.29 (site white labeling/branding).
As mentioned, for sites that use it, WooCommerce 10.4.0 as well as several supporting plugins for WooCommerce were released to patch up a few bugs in the ecommerce package.
Please note that this does not include all updates made to your site, nor does it detail every release of any one particular plugin. As always, if you have any questions or would like more specific details about any of the updates applied to your site specifically, please don’t hesitate to let me know!
Ongoing Issues, Updates & Improvements:
Divi 5: Elegant Themes has officially announced a release date of February 26, 2026 for Divi 5. However, Divi 4 will continue to be supported for at least another 6 months at which point migration to Divi 5 will be mandated to stay up to date. In the mean time, third party plugin support continues to roll out. All Care Plan clients will remain on Divi 4 for now while I begin testing the final release and migrating to the final release after it’s made public. Stay tuned for more updates!
Plugin Update Summary for December 2025:
WordPress Core
Version 6.9
Security-Related Updates
Wordfence 8.1.3 / 8.1.4
Defender 5.8.0
Elementor 3.33.4 / 3.33.5
Essential Addons for Elementor 6.5.4
WooCommerce 10.4.3
Gravity Forms 2.9.23.1 / 2.9.24
Hummingbird Pro 3.18.1
Branda Pro 3.4.29
Yoast 26.6 (minor)
Woo Shipping 2.0.2
Sugar Calendar 3.10.0
Feeds for YouTube 2.6.1 / 2.6.2
Simple CAPTCHA Alt 1.36.0 / 1.36.1
Divi Supreme Lite 2.5.63
Responsive LightboxGallery 2.5.5 / 2.6.0
Strong Testimonials 3.2.19
Advanced Ads 2.0.15 / 2.0.16
Standard Plugins
SmartCrawl Pro 3.14.6
Hummingbird Pro 3.18 / 3.18.1
Smush Pro 3.23 / 3.23.1
Branda Pro 3.4.28 / 3.4.29
Gravity Forms 2.9.23.1/2.9.23.2
GF Mailchimp 5.7.2
GF Square Add On 2.5.1
GP File Upload 1.5.10
GF Advanced Post Creation 1.6.0 / 1.6.1
Gravity SMTP 2.1.1 / 2.1.2
Contact Form 7 6.1.4
Conditional Fields for CF 7 2.6.7
Sugar Calendar 3.10.0
Events Calendar
Yoast 26.5 / 26.6
JetPack 15.3 / 15.3.1
Advanced Custom Fields (ACF) 6.7.0
Secure Custom Fields (SCF) 6.7.0 / 6.7.1 / 6.8.0
Post SMTP 3.6.3 / 3.7.0
TablePress 3.2.6
Envira Gallery 1.12.1 / 1.13.0 / 1.13.1
NextGen Gallery 4.0.0 / 4.0.1 / 4.0.2 / 4.0.3
Publish Press Permissions 4.6.0 / 4.6.1 / 4.6.2 / 4.6.3
Posts Table with Search & Sort 1.4.12
Slider Revolution 6.7.40
Smart Slider 3 Pro 3.5.1.31
Strong Testimonials 3.2.19
WP All Export 1.4.14
List Category Posts
Advanced Ads 2.0.15 / 2.0.16
WP Optimize 4.4.0
Simple Social Icons 4.0.0
Responsive LightboxGallery 2.5.5 / 2.6.0
Google Analytics for WordPress 9.10.1 / 9.11.0
Constant Contact for WP 2.15.0
CookieYes 3.3.8 / 3.3.9 / 3.3.9.1
Embed Plus for YouTube Gallery 14.2.3.3 / 14.2.4
Feeds for YouTube 2.6.1 / 2.6.2
WPForms lite 1.9.8.7
Themes and Related Plugins
Divi / Extra 4.27.5
Divi Supreme Lite 2.5.63
Divi Modules Pro 1.2.9.5
Supreme Maps Pro
Elementor 3.33.3 / 3.33.4 / 3.33.6 / 3.34.0
Astra (Elementor Theme) 4.11.16 / 4.11.17 / 4.11.18
Essential Addons for Elementor 6.5.4 / 6.5.5
Ultimate Addons for Elementor 2.7.1
Redux Framework
SeedProd Pro 6.19.5
WooCommerce-Related
WooCommerce 10.3.6 / 10.4.0-10.4.2 / 10.4.3
Woo Smart Coupons 9.64.0 / 9.65.0
Woo Product Add-Ons 8.1.2
Woo Variation Swatches 3.1.14
Woo Adv Shipping Packages
Flexible Shipping 6.4.5 / 6.5.0 / 6.5.1 / 6.5.2
Flexible Shipping Pro 4.0.10 4.0.11
Woo Shipping 2.0.2
Woo Tax 3.3.0
PDF Inv & Packing List 5.2.0 / 5.3.0 / 5.4.0
Woo Order Status Mgr 1.15.7
Woo URL Coupons 2.16.2
Woo Stripe 10.2.0
WooPayments 10.3.0 / 10.3.1
Google for WooCommerce 3.5.1
Tickera 3.5.6.4
YITH Authorize.net 1.50.0
YITH Subscription 4.18.0
YITH Dynamic Pricing 4.26.0
YITH Membership 2.27.0
YITH Sequential Ord Numb 1.51.0