An update has been released that fixes a vulnerability in WordPress
On August 30, WordPress 6.0.2 was released.
This version includes 12 core bug fixes, 5 block editor bug fixes, and 3 security fixes.
As this is a security fix, an immediate update is recommended.
The security fixes are as follows
- Fix for possible SQL injection
- Fix for XSS vulnerability in plugin screen
- Fixes for escaping issues in the_meta()
The official website announces that WordPress 3.7 and later versions of WordPress have also been updated.
The version list shows that updates were made on August 30 in past versions as well, and the blog link in these announcements was linked to an article about the release of WordPress 6.0.2.
Therefore, users of WordPress 3.7 or later should also update.
However, there is a possibility that problems may occur if you increase the major version from an older version, for example, updating from 4.0 to 6.0.2.
Therefore, users of older versions should apply only this security update or be careful when updating major versions.
Please also see the official pages below.