{"id":11334,"date":"2026-07-18T00:15:54","date_gmt":"2026-07-17T18:45:54","guid":{"rendered":"https:\/\/4ksamachar.com\/?p=11334"},"modified":"2026-07-18T00:15:54","modified_gmt":"2026-07-17T18:45:54","slug":"wordpress-org-blog-wordpress-7-0-2-release","status":"publish","type":"post","link":"https:\/\/4ksamachar.com\/?p=11334","title":{"rendered":"WordPress.org blog: WordPress 7.0.2 Release"},"content":{"rendered":"<h2 class=\"wp-block-heading\">WordPress 7.0.2 is now available.<\/h2>\n<p class=\"wp-block-paragraph\">The 7.0.2 security release addresses one critical and one high severity security issue.<\/p>\n<p class=\"wp-block-paragraph\">Because this is a security release, <strong>it is recommended that you update your sites immediately.<\/strong> Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions.<\/p>\n<p class=\"wp-block-paragraph\">To manually update you can visit your WordPress Dashboard, click \u201cUpdates\u201d, and then click \u201cUpdate Now\u201d, or you can <a href=\"https:\/\/wordpress.org\/wordpress-7.0.2.zip\" target=\"_blank\" rel=\"noopener\">download WordPress 7.0.2 from WordPress.org<\/a>. On sites that support automatic background updates, the update process will begin automatically.<\/p>\n<h2 class=\"wp-block-heading\">Security updates included in this release<\/h2>\n<p class=\"wp-block-paragraph\">The security team would like to thank the following people for responsibly <a href=\"https:\/\/hackerone.com\/wordpress\" target=\"_blank\" rel=\"noopener\">reporting<\/a> vulnerabilities and allowing them to be fixed in this release:<\/p>\n<ul class=\"wp-block-list\">\n<li>A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo <\/li>\n<li>A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at <a href=\"https:\/\/slcyber.io\/\" target=\"_blank\" rel=\"noopener\"><u>Assetnote \/ Searchlight Cyber<\/u><\/a><\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">For more information on this release, please visit the <a href=\"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-7-0-2\/\" target=\"_blank\" rel=\"noopener\">HelpHub site<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Backports<\/h2>\n<ul class=\"wp-block-list\">\n<li>WordPress 6.9 is affected by both vulnerabilities. Version 6.9.5 has been released containing fixes for both.<\/li>\n<li>WordPress 6.8 is only affected by the first vulnerability. Version 6.8.6 has been released containing a fix.<\/li>\n<li>The beta release of WordPress 7.1 is affected by both vulnerabilities. Version 7.1 beta2 has been released containing fixes for both.<\/li>\n<li>Versions of WordPress prior to 6.8 are not affected.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">CVE and GHSA references<\/h2>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/security\/advisories\/GHSA-fpp7-x2x2-2mjf\" target=\"_blank\" rel=\"noopener\"><code>CVE-2026-60137<\/code> \/ <code>GHSA-fpp7-x2x2-2mjf<\/code><\/a><\/li>\n<li><a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/security\/advisories\/GHSA-ff9f-jf42-662q\" target=\"_blank\" rel=\"noopener\"><code>CVE-2026-63030<\/code> \/ <code>GHSA-ff9f-jf42-662q<\/code><\/a><\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">Thank you to these WordPress contributors<\/h2>\n<p class=\"wp-block-paragraph\">This release was led by <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\" target=\"_blank\" rel=\"noopener\">John Blackbourn<\/a> and <a href=\"https:\/\/profiles.wordpress.org\/barry\/\" target=\"_blank\" rel=\"noopener\">Barry Abrahamson<\/a>. In addition to the security researchers mentioned above, WordPress 7.0.2 would not have been possible without the significant contributions of the following people: <a href=\"https:\/\/profiles.wordpress.org\/jorbin\" target=\"_blank\" rel=\"noopener\">Aaron Jorbin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/xknown\" target=\"_blank\" rel=\"noopener\">Alex Concha<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/annezazu\" target=\"_blank\" rel=\"noopener\">annezazu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/Barry\" target=\"_blank\" rel=\"noopener\">Barry<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/davidbaumwald\" target=\"_blank\" rel=\"noopener\">David Baumwald<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\" target=\"_blank\" rel=\"noopener\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ehtis\" target=\"_blank\" rel=\"noopener\">Ehtisham Siddiqui<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joedolson\" target=\"_blank\" rel=\"noopener\">Joe Dolson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joehoyle\" target=\"_blank\" rel=\"noopener\">Joe Hoyle<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\" target=\"_blank\" rel=\"noopener\">John Blackbourn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/desrosj\" target=\"_blank\" rel=\"noopener\">Jonathan Desrosiers<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/clorith\" target=\"_blank\" rel=\"noopener\">Marius L. J.<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/Matt\" target=\"_blank\" rel=\"noopener\">Matt Mullenweg<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/batmoo\" target=\"_blank\" rel=\"noopener\">Mohammad Jangda<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\" target=\"_blank\" rel=\"noopener\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/sergeybiryukov\" target=\"_blank\" rel=\"noopener\">Sergey Biryukov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/vortfu\" target=\"_blank\" rel=\"noopener\">vortfu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/westonruter\" target=\"_blank\" rel=\"noopener\">Weston Ruter<\/a>, plus representatives from Altis, Automattic, Bluehost, Cloudflare, GoDaddy, Hostinger, and WP Engine.<\/p>\n<p class=\"wp-block-paragraph\">\n","protected":false},"excerpt":{"rendered":"<p>WordPress 7.0.2 is now available. The 7.0.2 security release addresses one critical and one high severity security issue. Because this is a security release, it is recommended that you update your sites immediately. Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions. To manually [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-11334","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"blog_post_layout_featured_media_urls":{"thumbnail":"","full":""},"categories_names":{"1":{"name":"Uncategorized","link":"https:\/\/4ksamachar.com\/?cat=1"}},"tags_names":[],"comments_number":"0","wpmagazine_modules_lite_featured_media_urls":{"thumbnail":"","cvmm-medium":"","cvmm-medium-plus":"","cvmm-portrait":"","cvmm-medium-square":"","cvmm-large":"","cvmm-small":"","full":""},"_links":{"self":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/posts\/11334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11334"}],"version-history":[{"count":0,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=\/wp\/v2\/posts\/11334\/revisions"}],"wp:attachment":[{"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/4ksamachar.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}