WordPress Core 7.0.2
WordPress Core 7.0.2 is an important security release that fixes two high-impact vulnerabilities, including a critical Remote Code Execution (RCE) issue affecting the REST API and a SQL injection vulnerability. Automatic security updates have been enabled for affected installations, and all users are strongly encouraged to upgrade immediately.
- Fixed a critical REST API batch-route confusion vulnerability that could lead to Remote Code Execution (RCE).
- Resolved a high-severity SQL injection vulnerability in WordPress Core.
- Automatic security updates have been enabled for affected WordPress installations due to the severity of the issues.
- Security fixes have also been backported to supported older WordPress branches.
What's new
WordPress Core 7.0.2 is now available as a security maintenance release.
This release focuses exclusively on addressing critical security vulnerabilities and improving the overall security of WordPress installations. Site owners are strongly encouraged to update immediately.
Security fixes- Fixed a critical REST API batch-route confusion vulnerability that could allow Remote Code Execution (RCE).
- Resolved a facilitated SQL injection vulnerability affecting WordPress Core.
- Enabled automatic security updates for affected versions due to the severity of the vulnerabilities.
- Backported security fixes to supported WordPress 6.8 and 6.9 branches.
The release modifies core REST API and query handling components, including:
- wp-includes/rest-api/class-wp-rest-server.php
- wp-includes/class-wp-query.php
- wp-includes/rest-api.php
Because this is a security release addressing one critical and one high-severity vulnerability, all WordPress sites should be updated to version 7.0.2 as soon as possible.
๐ฌ Comments (0)
No comments yet.