WordPress 7.0.2 is now available.
The 7.0.2 security release addresses one critical and one high severity security issue.
Because this is a security release, it is recommended that you update your sites immediately. Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions.
To manually update you can visit your WordPress Dashboard, click “Updates”, and then click “Update Now”, or you can download WordPress 7.0.2 from WordPress.org. On sites that support automatic background updates, the update process will begin automatically.
Security updates included in this release
The security team would like to thank the following people for responsibly reporting vulnerabilities and allowing them to be fixed in this release:
- A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo
- A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at Assetnote / Searchlight Cyber
For more information on this release, please visit the HelpHub site.
Backports
- WordPress 6.9 is affected by both vulnerabilities. Version 6.9.5 has been released containing fixes for both.
- WordPress 6.8 is only affected by the first vulnerability. Version 6.8.6 has been released containing a fix.
- The beta release of WordPress 7.1 is affected by both vulnerabilities. Version 7.1 beta2 has been released containing fixes for both.
- Versions of WordPress prior to 6.8 are not affected.
CVE and GHSA references
Thank you to these WordPress contributors
This release was led by John Blackbourn and Barry Abrahamson. In addition to the security researchers mentioned above, WordPress 7.0.2 would not have been possible without the significant contributions of the following people: Aaron Jorbin, Alex Concha, annezazu, Barry, David Baumwald, Dominik Schilling, Ehtisham Siddiqui, Joe Dolson, Joe Hoyle, John Blackbourn, Jonathan Desrosiers, Marius L. J., Matt Mullenweg, Mohammad Jangda, Peter Wilson, Sergey Biryukov, vortfu, Weston Ruter, plus representatives from Altis, Automattic, Bluehost, Cloudflare, GoDaddy, Hostinger, and WP Engine.
Please consider helping!
Awake Freedom TV On Roku is Broken! 🙂

I could no longer maintain the costs on my own, so I moved the off of a dedicated server which was needed for the TV platform to work. On top of that, I want to build an app Awake Freedom TV app, for mobile phones. We need your help to first resurrect our TV channel, and then build the mobile app. In order to do that, I need a minimum of 800/month on subscription payments. Please help anyway you can with the form below.







Leave A Comment