{"id":2543,"date":"2026-07-17T18:45:54","date_gmt":"2026-07-17T18:45:54","guid":{"rendered":"https:\/\/mailurdu.co.uk\/?p=2543"},"modified":"2026-07-17T18:45:54","modified_gmt":"2026-07-17T18:45:54","slug":"wordpress-org-blog-wordpress-7-0-2-release","status":"publish","type":"post","link":"https:\/\/mailurdu.co.uk\/?p=2543","title":{"rendered":"WordPress.org blog: WordPress 7.0.2 Release"},"content":{"rendered":"<h2 class=\"wp-block-heading\">WordPress 7.0.2 is now available.<\/h2>\n<p class=\"wp-block-paragraph\">The 7.0.2 security release addresses one critical and one high severity security issue.<\/p>\n<p class=\"wp-block-paragraph\">Because this is a security release, <strong>it is recommended that you update your sites immediately.<\/strong> Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions.<\/p>\n<p class=\"wp-block-paragraph\">To manually update you can visit your WordPress Dashboard, click \u201cUpdates\u201d, and then click \u201cUpdate Now\u201d, or you can <a href=\"https:\/\/wordpress.org\/wordpress-7.0.2.zip\">download WordPress 7.0.2 from WordPress.org<\/a>. On sites that support automatic background updates, the update process will begin automatically.<\/p>\n<h2 class=\"wp-block-heading\">Security updates included in this release<\/h2>\n<p class=\"wp-block-paragraph\">The security team would like to thank the following people for responsibly <a href=\"https:\/\/hackerone.com\/wordpress\">reporting<\/a> vulnerabilities and allowing them to be fixed in this release:<\/p>\n<ul class=\"wp-block-list\">\n<li>A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo<\/li>\n<li>A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at <a href=\"https:\/\/slcyber.io\/\"><u>Assetnote \/ Searchlight Cyber<\/u><\/a><\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">For more information on this release, please visit the <a href=\"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-7-0-2\/\">HelpHub site<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Backports<\/h2>\n<ul class=\"wp-block-list\">\n<li>WordPress 6.9 is affected by both vulnerabilities. Version 6.9.5 has been released containing fixes for both.<\/li>\n<li>WordPress 6.8 is only affected by the first vulnerability. Version 6.8.6 has been released containing a fix.<\/li>\n<li>The beta release of WordPress 7.1 is affected by both vulnerabilities. Version 7.1 beta2 has been released containing fixes for both.<\/li>\n<li>Versions of WordPress prior to 6.8 are not affected.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">CVE and GHSA references<\/h2>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/security\/advisories\/GHSA-fpp7-x2x2-2mjf\"><code>CVE-2026-60137<\/code> \/ <code>GHSA-fpp7-x2x2-2mjf<\/code><\/a><\/li>\n<li><a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/security\/advisories\/GHSA-ff9f-jf42-662q\"><code>CVE-2026-63030<\/code> \/ <code>GHSA-ff9f-jf42-662q<\/code><\/a><\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">Thank you to these WordPress contributors<\/h2>\n<p class=\"wp-block-paragraph\">This release was led by <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">John Blackbourn<\/a> and <a href=\"https:\/\/profiles.wordpress.org\/barry\/\">Barry Abrahamson<\/a>. In addition to the security researchers mentioned above, WordPress 7.0.2 would not have been possible without the significant contributions of the following people: <a href=\"https:\/\/profiles.wordpress.org\/jorbin\">Aaron Jorbin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/xknown\">Alex Concha<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/annezazu\">annezazu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/Barry\">Barry<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/davidbaumwald\">David Baumwald<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ehtis\">Ehtisham Siddiqui<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joedolson\">Joe Dolson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joehoyle\">Joe Hoyle<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\">John Blackbourn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/desrosj\">Jonathan Desrosiers<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/clorith\">Marius L. J.<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/Matt\">Matt Mullenweg<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/batmoo\">Mohammad Jangda<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/sergeybiryukov\">Sergey Biryukov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/vortfu\">vortfu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/westonruter\">Weston Ruter<\/a>, plus representatives from Altis, Automattic, Bluehost, Cloudflare, GoDaddy, Hostinger, and WP Engine.<\/p>\n<p class=\"wp-block-paragraph\">\n<\/p>","protected":false},"excerpt":{"rendered":"<p>WordPress 7.0.2 is now available. The 7.0.2 security release addresses one critical and one high severity security issue. Because this is a security release, it is recommended that you update your sites immediately. Due to the severity, the WordPress.org team <a class=\"read-more\" href=\"https:\/\/mailurdu.co.uk\/?p=2543\">\u0645\u0632\u06cc\u062f \u067e\u0691\u06be\u06cc\u06ba<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2543","post","type-post","status-publish","format-standard","hentry","category-pakistan"],"_links":{"self":[{"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/2543","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2543"}],"version-history":[{"count":0,"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=\/wp\/v2\/posts\/2543\/revisions"}],"wp:attachment":[{"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2543"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2543"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mailurdu.co.uk\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2543"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}