{"id":5861,"date":"2026-07-17T18:45:54","date_gmt":"2026-07-17T18:45:54","guid":{"rendered":"https:\/\/frontlinenewsng.org\/?p=5861"},"modified":"2026-07-17T18:45:54","modified_gmt":"2026-07-17T18:45:54","slug":"wordpress-org-blog-wordpress-7-0-2-release","status":"publish","type":"post","link":"https:\/\/frontlinenewsng.org\/?p=5861","title":{"rendered":"WordPress.org blog: WordPress 7.0.2 Release"},"content":{"rendered":"<h2 class=\"wp-block-heading\">WordPress 7.0.2 is now available.<\/h2>\n<p class=\"wp-block-paragraph\">The 7.0.2 security release addresses one critical and one high severity security issue.<\/p>\n<p class=\"wp-block-paragraph\">Because this is a security release, <strong>it is recommended that you update your sites immediately.<\/strong> Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions.<\/p>\n<p class=\"wp-block-paragraph\">To manually update you can visit your WordPress Dashboard, click \u201cUpdates\u201d, and then click \u201cUpdate Now\u201d, or you can <a href=\"https:\/\/wordpress.org\/wordpress-7.0.2.zip\">download WordPress 7.0.2 from WordPress.org<\/a>. On sites that support automatic background updates, the update process will begin automatically.<\/p>\n<h2 class=\"wp-block-heading\">Security updates included in this release<\/h2>\n<p class=\"wp-block-paragraph\">The security team would like to thank the following people for responsibly <a href=\"https:\/\/hackerone.com\/wordpress\">reporting<\/a> vulnerabilities and allowing them to be fixed in this release:<\/p>\n<ul class=\"wp-block-list\">\n<li>A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo <\/li>\n<li>A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at <a href=\"https:\/\/slcyber.io\/\"><u>Assetnote \/ Searchlight Cyber<\/u><\/a><\/li>\n<\/ul>\n<p class=\"wp-block-paragraph\">For more information on this release, please visit the <a href=\"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-7-0-2\/\">HelpHub site<\/a>.<\/p>\n<h2 class=\"wp-block-heading\">Backports<\/h2>\n<ul class=\"wp-block-list\">\n<li>WordPress 6.9 is affected by both vulnerabilities. Version 6.9.5 has been released containing fixes for both.<\/li>\n<li>WordPress 6.8 is only affected by the first vulnerability. Version 6.8.6 has been released containing a fix.<\/li>\n<li>The beta release of WordPress 7.1 is affected by both vulnerabilities. Version 7.1 beta2 has been released containing fixes for both.<\/li>\n<li>Versions of WordPress prior to 6.8 are not affected.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">CVE and GHSA references<\/h2>\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/security\/advisories\/GHSA-fpp7-x2x2-2mjf\"><code>CVE-2026-60137<\/code> \/ <code>GHSA-fpp7-x2x2-2mjf<\/code><\/a><\/li>\n<li><a href=\"https:\/\/github.com\/WordPress\/wordpress-develop\/security\/advisories\/GHSA-ff9f-jf42-662q\"><code>CVE-2026-63030<\/code> \/ <code>GHSA-ff9f-jf42-662q<\/code><\/a><\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\">Thank you to these WordPress contributors<\/h2>\n<p class=\"wp-block-paragraph\">This release was led by <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\/\">John Blackbourn<\/a> and <a href=\"https:\/\/profiles.wordpress.org\/barry\/\">Barry Abrahamson<\/a>. In addition to the security researchers mentioned above, WordPress 7.0.2 would not have been possible without the significant contributions of the following people: <a href=\"https:\/\/profiles.wordpress.org\/jorbin\">Aaron Jorbin<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/xknown\">Alex Concha<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/annezazu\">annezazu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/Barry\">Barry<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/davidbaumwald\">David Baumwald<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ocean90\">Dominik Schilling<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/ehtis\">Ehtisham Siddiqui<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joedolson\">Joe Dolson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/joehoyle\">Joe Hoyle<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/johnbillion\">John Blackbourn<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/desrosj\">Jonathan Desrosiers<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/clorith\">Marius L. J.<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/Matt\">Matt Mullenweg<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/batmoo\">Mohammad Jangda<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/peterwilsoncc\">Peter Wilson<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/sergeybiryukov\">Sergey Biryukov<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/vortfu\">vortfu<\/a>, <a href=\"https:\/\/profiles.wordpress.org\/westonruter\">Weston Ruter<\/a>, plus representatives from Altis, Automattic, Bluehost, Cloudflare, GoDaddy, Hostinger, and WP Engine.<\/p>\n<p class=\"wp-block-paragraph\">\n<\/p>","protected":false},"excerpt":{"rendered":"<p>WordPress 7.0.2 is now available. The 7.0.2 security release addresses one critical and one high severity security issue. Because this is a security release, it is recommended that you update your sites immediately. Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions. To manually [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"jetpack_seo_schema_type":"","_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[1],"tags":[],"class_list":["post-5861","post","type-post","status-publish","format-standard","hentry","category-latest-news"],"jetpack_featured_media_url":"","jetpack_likes_enabled":true,"jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=\/wp\/v2\/posts\/5861","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5861"}],"version-history":[{"count":0,"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=\/wp\/v2\/posts\/5861\/revisions"}],"wp:attachment":[{"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5861"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5861"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/frontlinenewsng.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5861"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}