WordPress 6.0.2 was released on August 30, 2022. The release fixes a total of 17 bugs (12 in the kernel and 5 in the block editor) and fixes 3 security vulnerabilities. As this is a security release, it is highly recommended that you install the update as soon as possible. All versions of WordPress since version 3.7 inclusive are affected by the vulnerability and appropriate updates are available.
WordPress 6.0.2 is a short-cycle security and maintenance release. See the RC-1 announcement for a summary of the main updates. The next major release will be version 6.1, which is expected to be released on November 1, 2022.
Download WordPress 6.0.2 to install or go to Dashboard → Updates and click Update Now. Sites that support automatic background updates already start updating automatically.
Included security updates
The WordPress security team would like to thank the following individuals for their responsible reporting of security vulnerabilities that have been fixed in this release:
- FVD to find possible SQL injection in the Link API.
- Khalilov Moe for finding an XSS vulnerability in the plugins view.
- John Blackbourne from the WordPress security team to find the output escaping issue
More information about this release is available on the HelpHub website.
The WordPress 6.0.2 release was led by @sergeybiryukov and @gziolo and would not have been possible without the contributions of over 50 people:
Alex Koncha, Andrei Draganescu, annezazu, Anton Vlasenko, Ari Stathopoulos, Ben Dwyer, Caroline Niemark, Colin Stewart, Darren Coates, Dilip Bheda, Dion Hulse, eMKey, Fabian Kegi, George Mamadashvili, Greg Ziolkovsky, Hubble, Ironprogram John Blackbourne, Jonathan DeRossier, John McIntosh, Johnny Harris, Kelly Choise-Dwan, Lena Morita, Lincoln Miyan, Lovro Hrust, Marybaum, Nick Diego, Nick Chekouras, Olga Gleckler, Pascal Behrler, Polkevan, Peter Wilson, Sergey Bernhardt, Stephen Bernhardt, Teddy Patriarca, Timothy Jacobs, tommusrhodus, Tomoki Shimomura, Tonya Mork, webmaster AbhaNonStopNewsUK and zieladam.