July 31, 2025
This update covers critical security alerts for WordPress and Wix platforms, key AI developments in Google Search, including query fan-out and new features, along with guidance for ecommerce sites and imaging limitations. Read on for deeper insights into each release.
Table of Content
- Stored XSS flaw in WooCommerce review plugin affects over 80,000 sites#
- Critical authentication bypass flaw found in Wix’s Vibe coding platform
- Google reveals how query fan‑out powers AI Mode searches
- Mueller recommends testing ecommerce sites for agentic AI compatibility
- Google AI Mode gains file uploads, live video search, and planning canvas
- Google warns that CSS background images don’t get indexed
- UK rollout of Google AI Mode nears completion
This week in digital marketing, week 31, 2025
Stored XSS flaw in WooCommerce review plugin affects over 80,000 sites
A stored cross-site scripting (XSS) vulnerability has been found in the WooCommerce Customer Reviews plugin, impacting up to 80,000 WordPress sites. The issue stems from inadequate input sanitization via the ‘author’ parameter, allowing unauthenticated attackers to inject malicious scripts into review pages, which could execute whenever those pages are loaded.
Administrators are advised to update the plugin to the latest version immediately or disable it until a patch is applied. This highlights the importance of maintaining essential plugins and monitoring vulnerability disclosures for high-traffic e-commerce platforms.
Critical authentication bypass flaw found in Wix’s Vibe coding platform
A critical vulnerability was unearthed in Wix’s Vibe (Base44) coding platform that exposed apps to unauthorized access. Researchers at Wiz discovered an authentication bypass that could allow attackers to compromise enterprise applications built on Wix, though no known exploit appears to have occurred yet.
Wix has issued a patch, but this incident serves as a warning: platforms that enable AI-driven development workflows must include rigorous security vetting. Developers using Vibe should ensure they update immediately and review access controls.
Google reveals how query fan‑out powers AI Mode searches
Google’s Robby Stein explained the inner workings of the "query fan‑out" technique used within AI Mode. This method decomposes a user’s query into multiple sub-searches that run concurrently, sourcing data from systems like Shopping Graph and Google Finance to generate comprehensive and richer responses.
The result is a more nuanced and efficient search experience, particularly for complex or compound questions—and suggests that content creators should anticipate multiple query angles rather than optimizing for singular keyword queries.
Mueller recommends testing ecommerce sites for agentic AI compatibility
Google’s John Mueller advised ecommerce teams to validate whether their sites can be effectively used by AI agents like chatbots and virtual assistants. Ensuring accessibility and structured data compatibility is increasingly important as "agentic" AI systems may navigate sites autonomously to carry out transactions or collect data.
Site owners should consider adding agent compatibility checks to technical audits, focusing on ease of navigation, API readability, and semantic markup, to preserve visibility in emerging AI-driven commerce ecosystems.
Google AI Mode gains file uploads, live video search, and planning canvas
Google introduced major upgrades to AI Mode in Search, including desktop image and PDF uploads, a project-planning Canvas, and a Live Search Video input feature. Users can upload documents directly into Search to receive AI-powered summaries, organize ongoing research via Canvas, and engage in real-time video-based questioning using Google Lens and Project Astra.
These enhancements aim to transform search into a versatile tool for learning, study planning, and visual analysis across desktop and mobile environments. Publisher visibility control within AI modes is also under active refinement.
Google warns that CSS background images don’t get indexed
Google confirmed that images included via CSS background properties will not be indexed in Google Images. Developers are now advised to use <img> or <picture> tags for critical visual content to ensure visibility in image search results, while decorative graphics may still reside in CSS without SEO loss.
This recommendation reinforces best practices around semantic HTML structure and highlights that styling decisions can directly impact discoverability and indexing.
7. UK rollout of Google AI Mode nears completion
Google has expanded availability of AI Mode in Search to users in the United Kingdom, following earlier launches in India and the U.S. The new feature appears as an AI tab in Search results and is accessible via the Google app on mobile devices for eligible users perceiving English as their preferred language.
UK users now also experience multimodal search via text, voice, and image, signaling Google’s continued push to globalize its AI-enhanced search experiences.
Stay tuned for next week's digital marketing highlights!
A quick recap of the latest and most important trends, insights, and news shaping the digital marketing landscape, see you next week.
Junior content marketer
Aron is a 22-year-old Junior content marketer with a focus on digital strategy and audience engagement. He is gaining experience in creating and optimizing content to improve brand visibility and connect with target audiences. Always eager to learn, Aron stays updated on content trends and marketing techniques to contribute effectively to campaigns and projects.
