WP

WordPress Core 7.0.2

7.0.1โ†’7.0.2SecurityBug fix
๐Ÿ“… July 17, 2026๐Ÿ—‚ CMS๐Ÿ“ฆ WordPress Core โ†—๐Ÿ“œ Full changelog โ†—
โœฆ Editor's summary

WordPress Core 7.0.2 is an important security release that fixes two high-impact vulnerabilities, including a critical Remote Code Execution (RCE) issue affecting the REST API and a SQL injection vulnerability. Automatic security updates have been enabled for affected installations, and all users are strongly encouraged to upgrade immediately.

โš  Security impact
  • Fixed a critical REST API batch-route confusion vulnerability that could lead to Remote Code Execution (RCE).
  • Resolved a high-severity SQL injection vulnerability in WordPress Core.
  • Automatic security updates have been enabled for affected WordPress installations due to the severity of the issues.
  • Security fixes have also been backported to supported older WordPress branches.

What's new

WordPress Core 7.0.2 is now available as a security maintenance release.

This release focuses exclusively on addressing critical security vulnerabilities and improving the overall security of WordPress installations. Site owners are strongly encouraged to update immediately.

Security fixes
  • Fixed a critical REST API batch-route confusion vulnerability that could allow Remote Code Execution (RCE).
  • Resolved a facilitated SQL injection vulnerability affecting WordPress Core.
  • Enabled automatic security updates for affected versions due to the severity of the vulnerabilities.
  • Backported security fixes to supported WordPress 6.8 and 6.9 branches.
Files updated

The release modifies core REST API and query handling components, including:

  • wp-includes/rest-api/class-wp-rest-server.php
  • wp-includes/class-wp-query.php
  • wp-includes/rest-api.php
Recommendation

Because this is a security release addressing one critical and one high-severity vulnerability, all WordPress sites should be updated to version 7.0.2 as soon as possible.

More from WordPress Core
WordPress Core 7.0.1Bug fixPerformanceJul 9, 2026

๐Ÿ’ฌ Comments (0)

No comments yet.