
Weekly Website Trends: WordPress Admin-Takeover CVE, Shopify in ChatGPT, AI Mode Hits 93% Zero-Click


This week may go down as the moment "AI" stopped being a marketing word for website owners and became an operational one — for good and for bad.

A WordPress plugin used by millions of sites was found to allow silent admin takeover. Shopify merchants are now selling inside ChatGPT, Copilot, and Gemini without lifting a finger. Google's AI Mode just pushed the zero-click rate to 93%. And Anthropic confirmed that an internal AI model is finding zero-days at scale, including one bug that humans missed for 27 years.

Catch up on previous roundups: last week, earlier this month, and the April overview. Here are seven new developments that matter right now.

1. Critical WordPress CVE-2026-1492: Millions of Sites Can Be Taken Over

Patch this one tonight if you can.

A critical authentication-bypass flaw, CVE-2026-1492, was disclosed on April 13 in the User Registration & Membership plugin. The plugin exposes its security tokens in client-side scripts, so an unauthenticated attacker can harvest them, defeat the nonce check that is supposed to gate privileged actions, and craft requests that grant full administrator access. From there an attacker can install malicious plugins, execute code, and seed backdoor accounts.

  • Affected: all versions ≤ 5.1.2
  • Fixed in: 5.1.3
  • Sites at risk: "millions" per the disclosure
  • Disclosure: April 13, 2026

Adding to the urgency, the Ninja Forms flaw from last week (CVE-2026-0740, CVSS 9.8) is now under active mass exploitation, with thousands of attempts logged across roughly 50,000 sites.

Meanwhile, WordPress 6.9.4 shipped this week with 10 security fixes and a template-loading bug patch.

What to do now:

  • If you run User Registration & Membership, update to 5.1.3 immediately. Then audit users for unfamiliar administrator accounts, rotate all admin passwords, rotate the authentication keys and salts in wp-config.php so that any session an attacker already holds is invalidated, and compare the installed plugin list against what you actually installed.
  • If you use Ninja Forms with the affected addon, patch and check upload directories for unexpected files, above all anything executable (PHP) under wp-content/uploads, which should only ever hold data.
  • Update WordPress core to 6.9.4 across all sites — don't postpone "minor" releases.
  • If managing WordPress security feels like a second job, consider migrating product/policy content to a knowledge base your AI chat owns so a future plugin compromise doesn't take down your customer-support layer with it. WebDialogAI's WordPress integration keeps the chat widget served from a separate, hardened domain.
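A post-disclosure triage script covering the checks in the list above, written here as an added example (it is not code from the roundup, from WordPress or from the plugin vendor). It reads the plugin's declared version from the header of its main PHP file (the WordPress plugin-header convention), compares it with the fixed version, flags administrator accounts created on or after the disclosure date from a `wp user list --format=json` export, and lists executable files under wp-content/uploads. The plugin slug `user-registration`, the paths and all sample data are assumptions constructed for the demo; point `triage()` at a real install root and a real WP-CLI export to use it.

```python
"""WordPress post-disclosure triage (added example; slug, paths and sample data are assumed)."""
import json
import os
import re
import tempfile
from datetime import date

FIXED_VERSION = "5.1.3"            # fixed release named in the advisory
DISCLOSURE_DATE = date(2026, 4, 13)
PLUGIN_SLUG = "user-registration"  # ASSUMED slug for User Registration & Membership
EXEC_EXTENSIONS = {".php", ".phtml", ".php5", ".php7", ".phar"}


def parse_version(text):
    """'5.1.2' -> (5, 1, 2) so versions compare numerically, not lexically ('5.1.10' > '5.1.2')."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def plugin_version(wp_root, slug=PLUGIN_SLUG):
    """Read 'Version:' from the plugin header in <slug>/<slug>.php; WordPress only scans the first 8 KiB."""
    main_file = os.path.join(wp_root, "wp-content", "plugins", slug, f"{slug}.php")
    with open(main_file, encoding="utf-8", errors="replace") as fh:
        header = fh.read(8192)
    match = re.search(r"^\s*\*?\s*Version:\s*(\S+)", header, re.MULTILINE)
    return match.group(1) if match else None


def is_vulnerable(installed, fixed=FIXED_VERSION):
    return parse_version(installed) < parse_version(fixed)


def suspicious_admins(user_export_json, since=DISCLOSURE_DATE):
    """Administrators registered on/after the disclosure date, from `wp user list --format=json`."""
    hits = []
    for user in json.loads(user_export_json):
        created = date.fromisoformat(user["user_registered"][:10])
        if "administrator" in user.get("roles", "") and created >= since:
            hits.append(user["user_login"])
    return sorted(hits)


def executable_uploads(wp_root):
    """Any PHP-like file under wp-content/uploads is a red flag: that tree should hold data only."""
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    found = []
    for dirpath, _, files in os.walk(uploads):
        for name in files:
            if os.path.splitext(name)[1].lower() in EXEC_EXTENSIONS:
                found.append(os.path.relpath(os.path.join(dirpath, name), wp_root))
    return sorted(found)


def build_sample_site():
    """CONSTRUCTED WordPress tree for the demo: vulnerable plugin version plus a planted PHP file."""
    root = tempfile.mkdtemp(prefix="wp-triage-")
    plugin_dir = os.path.join(root, "wp-content", "plugins", PLUGIN_SLUG)
    os.makedirs(plugin_dir)
    with open(os.path.join(plugin_dir, f"{PLUGIN_SLUG}.php"), "w") as fh:
        fh.write("<?php\n/**\n * Plugin Name: User Registration & Membership\n * Version: 5.1.2\n */\n")
    upload_dir = os.path.join(root, "wp-content", "uploads", "2026", "04")
    os.makedirs(upload_dir)
    open(os.path.join(upload_dir, "invoice.pdf"), "w").close()
    open(os.path.join(upload_dir, "wp-cache.php"), "w").close()  # planted for the demo
    return root


# CONSTRUCTED stand-in for `wp user list --format=json --fields=user_login,user_registered,roles`
SAMPLE_USERS = json.dumps([
    {"user_login": "owner", "user_registered": "2021-06-01 10:00:00", "roles": "administrator"},
    {"user_login": "editor1", "user_registered": "2026-04-14 02:11:09", "roles": "editor"},
    {"user_login": "wp_support", "user_registered": "2026-04-14 03:42:51", "roles": "administrator"},
])


def triage(wp_root, user_export_json=SAMPLE_USERS):
    installed = plugin_version(wp_root)
    return {
        "plugin_version": installed,
        "vulnerable": installed is not None and is_vulnerable(installed),
        "new_admins": suspicious_admins(user_export_json),
        "executable_uploads": executable_uploads(wp_root),
    }


if __name__ == "__main__":
    print(json.dumps(triage(build_sample_site()), indent=2))
```

Version comparison is done on integer tuples on purpose: a plain string comparison would call "5.1.10" older than "5.1.3". The admin check keys on the registration date, so a backdoor account created before disclosure but promoted to administrator later would need a second pass over role-change history, which WP-CLI does not export by default.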

2. Basic-Fit and Booking.com Breaches: The Credential-Reuse Tax Just Went Up

Two breaches landed within 24 hours and both matter to ecommerce operators — not because you run a gym chain, but because your customers reuse passwords.

European fitness giant Basic-Fit disclosed on April 13–14 that attackers accessed records for up to 1 million members across the Netherlands, Belgium, Luxembourg, France, Spain, and Germany. Exposed fields include names, addresses, emails, phone numbers, dates of birth, and bank account details — though no passwords or ID documents.

In parallel, attackers gained access to some Booking.com user data including names, emails, phone numbers, and booking details.

For online stores this means three things in the next 30 days:

  • A surge in credential-stuffing attempts against your customer logins from rotated lists
  • A surge in phishing that name-drops gym memberships, hotel stays, or refund offers — and lands in your support inbox demanding action
  • More chargebacks tied to account takeover, for which the merchant is usually held liable first

What to do now:

  • Rate-limit login endpoints per source IP and per account, and alert on bursts of failed logins spread across many different accounts, which is the signature of credential stuffing. Force a password reset for any customer accounts that haven't logged in for 90+ days.
  • Brief your support team — and your AI chat — on phishing-flavored questions ("did I make a $2,500 booking?"). A well-trained AI chatbot for your website should escalate suspicious-activity messages to a human agent automatically.
  • Check whether your email provider supports DMARC enforcement; many SMBs still publish p=none, which only reports spoofing and blocks nothing. Move to p=quarantine and then p=reject once the aggregate reports show your legitimate senders are aligned.
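The two detection checks from the list above, as an added example that is not part of the roundup: a sliding-window monitor over login events that separates credential stuffing (one source failing against many accounts) from a distributed attack on a single account (many sources failing against one account) and flags a success that follows a run of failures, plus a DMARC record evaluator that grades p=none as monitor-only. The `ip=… user=… result=…` log format, the thresholds and the sample lines are constructed for the demo; wire `LoginMonitor.feed()` to your real authentication log and push `blocked_ips` to your rate limiter or WAF.

```python
"""Credential-stuffing detection and DMARC policy grading (added example; log format and data constructed)."""
import re
from collections import defaultdict, deque
from datetime import datetime

# CONSTRUCTED application auth-log format for the demo, not any product's real format.
LINE_RE = re.compile(r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>ok|fail)$")

SAMPLE_LOG = """\
2026-04-15T09:00:01Z ip=203.0.113.7 user=alice@example.com result=fail
2026-04-15T09:00:03Z ip=203.0.113.7 user=bob@example.com result=fail
2026-04-15T09:00:04Z ip=203.0.113.7 user=carol@example.com result=fail
2026-04-15T09:00:06Z ip=203.0.113.7 user=dave@example.com result=fail
2026-04-15T09:00:07Z ip=203.0.113.7 user=erin@example.com result=fail
2026-04-15T09:00:09Z ip=203.0.113.7 user=frank@example.com result=ok
2026-04-15T09:01:00Z ip=198.51.100.11 user=owner@example.com result=fail
2026-04-15T09:01:05Z ip=198.51.100.12 user=owner@example.com result=fail
2026-04-15T09:01:09Z ip=198.51.100.13 user=owner@example.com result=fail
2026-04-15T09:01:14Z ip=198.51.100.14 user=owner@example.com result=fail
2026-04-15T09:01:20Z ip=198.51.100.15 user=owner@example.com result=fail
2026-04-15T09:03:00Z ip=192.0.2.50 user=grace@example.com result=fail
2026-04-15T09:03:30Z ip=192.0.2.50 user=grace@example.com result=ok
"""


class LoginMonitor:
    """Sliding-window counters over failed logins, keyed by source IP and by account."""

    def __init__(self, window_s=300, users_per_ip=5, ips_per_user=5, fails_before_success=3):
        self.window = window_s
        self.users_per_ip = users_per_ip            # distinct accounts one IP may fail against
        self.ips_per_user = ips_per_user            # distinct IPs that may fail against one account
        self.fails_before_success = fails_before_success
        self.fails_by_ip = defaultdict(deque)       # ip -> deque[(ts, user)]
        self.fails_by_user = defaultdict(deque)     # user -> deque[(ts, ip)]
        self.blocked_ips = set()                    # what you would push to the rate limiter / WAF
        self.flagged_users = set()
        self.alerts = []

    def _expire(self, dq, now):
        while dq and now - dq[0][0] > self.window:
            dq.popleft()

    def feed(self, line):
        m = LINE_RE.match(line.strip())
        if not m:
            return None
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00")).timestamp()
        ip, user, result = m["ip"], m["user"], m["result"]
        self._expire(self.fails_by_ip[ip], ts)
        self._expire(self.fails_by_user[user], ts)
        if result == "fail":
            self.fails_by_ip[ip].append((ts, user))
            self.fails_by_user[user].append((ts, ip))
            distinct_users = {u for _, u in self.fails_by_ip[ip]}
            if len(distinct_users) >= self.users_per_ip and ip not in self.blocked_ips:
                self.blocked_ips.add(ip)
                self.alerts.append(("credential_stuffing", ip, len(distinct_users)))
            distinct_ips = {i for _, i in self.fails_by_user[user]}
            if len(distinct_ips) >= self.ips_per_user and user not in self.flagged_users:
                self.flagged_users.add(user)
                self.alerts.append(("distributed_attack_on_account", user, len(distinct_ips)))
        elif ip in self.blocked_ips or len(self.fails_by_ip[ip]) >= self.fails_before_success:
            # A success right after a run of failures from the same source is the takeover signal.
            self.alerts.append(("success_after_failures", user, ip))
        return result


def analyze(log_text):
    monitor = LoginMonitor()
    for line in log_text.splitlines():
        monitor.feed(line)
    return monitor


def dmarc_policy(txt_record):
    """Grade a DMARC TXT record; 'monitor_only' (p=none) reports spoofed mail but blocks nothing."""
    tags = {}
    for part in txt_record.split(";"):
        if "=" in part:
            key, value = part.strip().split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return "missing"
    policy = tags.get("p", "").lower()
    pct = int(tags.get("pct", "100"))
    if policy == "none":
        return "monitor_only"
    if policy in ("quarantine", "reject"):
        return "partial" if pct < 100 else policy
    return "invalid"


if __name__ == "__main__":
    mon = analyze(SAMPLE_LOG)
    for alert in mon.alerts:
        print(alert)
    print("block at the edge:", sorted(mon.blocked_ips))
    print(dmarc_policy("v=DMARC1; p=none; rua=mailto:dmarc@example.com"))
```

The per-IP and per-account windows are kept separately because the two attacks look different: stuffing from a single source is cheap to block by IP, while a distributed attack on one account has to be answered on the account side (step-up verification, a reset notice) since the IPs keep changing. The grace@example.com lines show the normal case: one typo followed by a success trips nothing.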

3. Shopify Merchants Can Now Sell Inside ChatGPT, Copilot, and Gemini

This week the Agentic Storefronts rollout reached enough merchants that we can finally say it: the AI checkout window is real.

Through Shopify's Agentic Storefronts program, eligible products from millions of Shopify merchants are now discoverable — by default, with no apps to install and no extra transaction fees beyond standard processing — across:

  • ChatGPT (hundreds of millions of users)
  • Microsoft Copilot (Shop Pay coming soon)
  • Google Search AI Mode and the Gemini app via the Universal Commerce Protocol
  • Meta experiences (UCP-powered checkout coming)

Buyers discover products in the AI chat, then complete purchases on the merchant's storefront — meaning the merchant remains the merchant of record and keeps the customer relationship and data. Orders flow into the Shopify Admin tagged with referral attribution so you can track which AI surface drove the sale.

What to do now:

  • Check your Shopify Admin for the "Agentic" or "AI channels" surface and verify your catalog is enabled.
  • Audit your product titles and descriptions — AI shopping assistants extract structured attributes (size, material, use case). Vague copy that ranked fine on Google will be skipped by ChatGPT.
  • Make sure your post-purchase experience handles AI-referred buyers: they expect the same site to answer follow-up questions in chat. Pair Agentic Storefronts with a Shopify-native AI chat widget so the conversation keeps going after they land on your store.

4. Shopify Just Unlocked B2B for Every Plan — at No Extra Cost

On April 2, Shopify made its B2B feature set — company profiles, custom catalogs, volume discounts, quantity rules — available on Basic, Grow, and Advanced plans for the first time. Previously these were Shopify Plus exclusives.

Why this matters: a real B2B channel doesn't require a separate platform anymore. A DTC merchant can now spin up a wholesale price list, gate it behind buyer accounts, and start emailing invoices the same week — without paying $2,300/month for Plus.

What's still Plus-only:

  • Unlimited customer-specific catalogs
  • Direct catalog assignment to companies/locations
  • Partial payments and deposits

Samir Pradhan, VP of Product at Shopify, framed it as: "Key pieces of what has been refined on Shopify Plus over nearly four years are now rolling out to all merchants."

What to do now:

  • If 5%+ of your DTC orders are bulk or repeat-buyer, build a wholesale catalog this month; the conversion rate on a real B2B flow typically beats a DTC checkout for those buyers.
  • Train your AI chat to detect B2B-intent messages ("can I get a quote for 50 units?") and route them to a sales agent rather than a generic checkout link. The agent console supports priority routing for high-value conversations.

5. Google AI Mode Hits 93% Zero-Click — GEO Is No Longer Optional

The most consequential SEO data of the year so far.

According to Q1 2026 figures aggregated by Pasquale Pillitteri's analysis and corroborated by Similarweb, 93% of searches in Google's AI Mode end without a single click to any website. Across all of Google search, the zero-click rate has climbed past 60%, and AI Overviews reduce average CTR by 58% when present.

Translation: ranking #1 on Google in 2026 is worth roughly half what it was in 2024 — sometimes less, depending on how often AI Overviews trigger for your queries. Some sectors have lost 40–70% of organic traffic in a single year.

The new discipline is Generative Engine Optimization (GEO): structuring your content so that AI answer engines lift the right facts about your business — with attribution.

What to do now:

  • Audit whether your top product/policy pages contain the structured facts an AI would extract: pricing, materials, return windows, shipping cutoffs. Bury those in marketing prose? AI skips you.
  • Add schema markup (Product, FAQ, Organization) — these still feed AI Overviews even when human clicks fall.
  • Build a knowledge base your own AI chat uses, then publish a public version. Anything an AI can answer about your store on your own site is one less customer who needs to leave to find the answer elsewhere. WebDialogAI's knowledge base setup doubles as GEO-ready content for external crawlers.
  • Test how your brand currently appears in ChatGPT, Gemini, and Perplexity. Wrong answers? That's your starting backlog.

6. CISA Adds Adobe Acrobat and Fortinet to KEV — Patch by May 4

On April 13, CISA added seven CVEs to its Known Exploited Vulnerabilities catalog — the list every U.S. federal agency must patch on a deadline, and which serves as a free triage list for the rest of us.

Two stand out for website owners and ecommerce operators:

  • CVE-2026-34621 — Adobe Acrobat / Reader prototype-pollution flaw. If your team handles invoice PDFs, vendor contracts, or anything PDF-borne (and they do), this is a phishing payload waiting to land.
  • CVE-2026-21643 — Fortinet SQL injection. Anyone running FortiGate / FortiManager appliances at the network edge is exposed; SQLi against an edge device often ends in full compromise of the appliance and a foothold on the network behind it.

What to do now:

  • Push Adobe Reader / Acrobat updates via your device-management policy this week. Don't rely on individual users.
  • If you run any Fortinet appliance, check for the patch and verify your management interface isn't internet-exposed.
  • For agencies and merchants subject to vendor security questionnaires, KEV compliance is increasingly required — start tracking it as a formal cadence, not an ad-hoc scan.

7. Anthropic's Claude Mythos Finds Thousands of Zero-Days — What It Means for Your Website

This is the slow-motion story that will reshape security for the next decade, and it broke this week.

Anthropic confirmed that its restricted Claude Mythos Preview model has independently discovered thousands of high-severity zero-day vulnerabilities across every major operating system and web browser — including a 27-year-old bug in OpenBSD. Where Claude Opus 4.6 produced working browser exploits twice in hundreds of attempts, Mythos succeeded 181 times.

The model is not publicly available. Anthropic launched Project Glasswing, a controlled program giving access to roughly 50 organizations including AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, Palo Alto Networks, and JPMorgan Chase. This week the U.S. Treasury Secretary and Fed Chair summoned the largest U.S. banks and urged them to use Mythos to harden their systems.

The honest reading: AI-driven offensive capability is now ahead of AI-driven defensive capability for any organization not in that 50-company circle. Defensive AI tools are catching up fast, but if you're a website owner, you should expect:

  • A noticeable uptick in novel exploit attempts in the next 6–12 months as fixes from Glasswing roll out and adversaries reverse-engineer the patches
  • Faster weaponization of any newly disclosed CVE — measure your patch SLA in days, not weeks
  • More attacker traffic disguised as legitimate browsers and crawlers

What to do now:

  • Tighten your patch cadence. Anything in the CISA KEV catalog should be patched within 7 days of a fix landing.
  • Move security-sensitive functions (login, checkout, admin) behind WAF rules and bot management, even on small sites.
  • If you depend on third-party plugins (you do), reduce the surface — uninstall what you aren't using, and assume every plugin is one zero-day away from being your incident.
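The KEV tracking cadence called for in section 6 and the 7-day patch SLA in the list above, as an added example that is not code from the roundup, from CISA or from any vendor. It consumes the CISA KEV JSON feed in its published field layout (a top-level `vulnerabilities` array with `cveID`, `vendorProject`, `product`, `dateAdded`, `dueDate` and `knownRansomwareCampaignUse`), joins it to a local software inventory, and grades every hit against both the internal 7-day SLA and CISA's due date. The feed excerpt and the inventory are constructed: the two CVE IDs, vendors and the May 4 due date echo the roundup, the product strings and asset names are placeholders. `fetch_live_feed()` pulls the real catalog but is never called at import time, so the demo runs offline.

```python
"""KEV-to-inventory patch tracking with an internal SLA (added example; feed excerpt and inventory constructed)."""
import json
import urllib.request
from datetime import date, timedelta

KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
INTERNAL_SLA_DAYS = 7  # section 7's target; CISA's dueDate is the outer bound

# CONSTRUCTED excerpt in the live feed's field layout; product strings are placeholders.
SAMPLE_FEED = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-2026-34621", "vendorProject": "Adobe", "product": "Acrobat and Reader",
     "dateAdded": "2026-04-13", "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
    {"cveID": "CVE-2026-21643", "vendorProject": "Fortinet", "product": "FortiGate / FortiManager",
     "dateAdded": "2026-04-13", "dueDate": "2026-05-04", "knownRansomwareCampaignUse": "Unknown"},
]})

# CONSTRUCTED inventory: what you run, keyed by KEV vendor name plus product keywords.
INVENTORY = [
    {"asset": "finance-laptops", "vendor": "Adobe", "product_keywords": ["Acrobat", "Reader"], "patched": False},
    {"asset": "edge-firewall-01", "vendor": "Fortinet", "product_keywords": ["FortiGate", "FortiOS"], "patched": False},
    {"asset": "shop-web-01", "vendor": "WordPress", "product_keywords": ["WordPress"], "patched": True},
]

STATUS_ORDER = {"overdue_federal_deadline": 0, "internal_sla_breached": 1, "within_sla": 2, "patched": 3}


def fetch_live_feed(url=KEV_FEED_URL, timeout=30):
    """Download the real catalog; only called from a scheduled job, never at import."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def load_entries(raw_json):
    return json.loads(raw_json)["vulnerabilities"]


def matches(entry, asset):
    """Vendor must match (case-insensitive); any product keyword must appear in KEV's product string."""
    if entry["vendorProject"].lower() != asset["vendor"].lower():
        return False
    product = entry["product"].lower()
    return any(k.lower() in product for k in asset["product_keywords"])


def status_for(entry, asset, today):
    federal_due = date.fromisoformat(entry["dueDate"])
    sla_due = date.fromisoformat(entry["dateAdded"]) + timedelta(days=INTERNAL_SLA_DAYS)
    if asset.get("patched"):
        status = "patched"
    elif today > federal_due:
        status = "overdue_federal_deadline"
    elif today > sla_due:
        status = "internal_sla_breached"
    else:
        status = "within_sla"
    return {
        "cve": entry["cveID"], "asset": asset["asset"], "status": status,
        "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
        "sla_due": sla_due.isoformat(), "federal_due": federal_due.isoformat(),
        "days_to_federal_due": (federal_due - today).days,
    }


def kev_report(raw_feed, inventory, today):
    """Join feed to inventory; worst status first, ransomware-linked CVEs ahead within a status."""
    rows = [status_for(e, a, today) for e in load_entries(raw_feed) for a in inventory if matches(e, a)]
    return sorted(rows, key=lambda r: (STATUS_ORDER[r["status"]], not r["ransomware"], r["days_to_federal_due"]))


if __name__ == "__main__":
    for row in kev_report(SAMPLE_FEED, INVENTORY, date.today()):
        print(f'{row["status"]:26} {row["cve"]} on {row["asset"]} (SLA {row["sla_due"]}, CISA {row["federal_due"]})')
```

The report is deliberately driven by `dateAdded` rather than by CISA's `dueDate`: the federal deadline is three weeks out for these entries, and by the roundup's own reasoning a KEV entry is already being exploited the day it is listed, so the 7-day clock is the one that matters for a merchant. Run it daily from a scheduler against `fetch_live_feed()` and the output doubles as the evidence trail for vendor questionnaires.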

The Bottom Line

The week's pattern is hard to miss: AI is now both the channel and the threat model.

On the upside, Shopify's agentic rollout and the GEO shift in Google AI Mode mean a single well-structured product page can now reach customers across ChatGPT, Copilot, Gemini, AI Overviews, and your own site. Merchants who restructure their content for AI extraction this quarter will compound that advantage for years.

On the downside, WordPress admin-takeover CVEs, credential-stuffing fallout from the Basic-Fit and Booking.com breaches, and the arrival of AI-discovered zero-days at scale mean security debt now compounds faster than it used to. Patch cadences that were "fine" in 2024 are negligent in 2026.

The merchants who'll do well from here are the ones who treat their AI chat, knowledge base, and security posture as one system — every customer question your AI answers correctly is one less plugin you need; every well-tagged product page is one more AI surface you appear on; every patched CVE is one less incident your support inbox has to absorb.


WebDialogAI gives your website an AI chat with seamless human handover — answers your customers instantly, escalates to a real agent when it matters, and turns your knowledge base into content AI search engines can lift. Get started free, install on Shopify, or see how it works.

