WordPress 6.02 Security Vulnerability Update Released: WordPress launched a replacement containing bug fixes and security patches to tackle three vulnerabilities, which were rated as extreme to moderate severity.
Updates could have been downloaded and inserted robotically, so it’s important to check if the website is definitely up to date by 6.02 and if everything is still enabled normally.
What is WordPress 6.02 Bug Fixes
The update includes twelve fixes for WordPress core and five for the block editor.
One notable change is the improvement of the Pattern Directory, which aims to help theme authors serve up patterns related to their themes.
The goal of this change is to make it more attractive for use by theme authors so that they can use it and to provide publishers with a better user experience.
“Many theme authors wish to have all core and distant patterns disabled by default utilizing remove_theme_support( ‘core-block-patterns’ ). This ensures they’re serving solely patterns related to their theme to clients/purchasers.
This modification will make the Sample Listing extra interesting/usable from the theme writer’s perspective.”
Three security patches
The primary vulnerability is described as an Extremely Severity SQL Injection Vulnerability.
An SQL injection vulnerability allows an attacker to question the database that underlies a Web site and add, view, delete, or modify fragile information.
According to a report by Wordfence, WordPress 6.02 patches an SQL injection vulnerability, an extreme severity vulnerability, although the vulnerability requires administrative privileges to execute.
Wordfence described the vulnerability as follows:
“The WordPress Hyperlink performance, beforehand often known as “Bookmarks”, is not enabled by default on new WordPress installations.
Older websites should still have the performance enabled, which signifies that thousands and thousands of legacy websites are doubtlessly susceptible, even when they’re working newer variations of WordPress.
Luckily, we discovered that the vulnerability requires administrative privileges and is tough to use in a default configuration.”
The second and third vulnerabilities are described as archived cross-site scripting, one of which has been reported not to affect the “vast” majority of WordPress publishers.
Second javascript date library up to date
Yet another vulnerability was patched, but it was definitely not part of the WordPress core. This vulnerability is for a JavaScript information library called another that WordPress uses.
A CVE quantity was assigned to the vulnerability of the JavaScript library, and the details are not available in the U.S. Authorization can be found on the nationwide vulnerability database. This is documented as a bug repair on WordPress.
What to do
The update should be rolled out robotically on websites from the 3.7 model.
This can be useful to confirm if the location is working correctly and has no conflicts with the current theme and has been put into plugins.
Citations
WordPress Core 6.0.2 Security & Maintenance Release – What You Need to Know
Allow remote pattern registration in theme.json when core patterns are disabled.
