It’s here! WordPress’s latest Security and Maintenance update – WordPress version 6.0.2 is now available. This update contains 12 core bug fixes, 5 Gutenberg bug fixes, and 3 security fixes 🔒. This is the second cumulative update after the release of WordPress 6.0 which comes with staggering features and functionality.
WordPress 6.0.2 RC 1 (release candidate) was made available for testing on Tuesday, 23rd August 2022. After one week of rigorous testing, it was released to the public on Tuesday, 30th August 2022. This was a short-cycle release, preceding the major WordPress 6.1 release.
Three Security Fixes 🛡
The first security fix addresses a high-severity SQL injection, a.k.a. SQLi (Structured Query Language Injection), vulnerability.
An SQLi vulnerability allows an attacker to view information that they are not normally able to retrieve (for example, your database and all the information stored on your website, e-com store, etc.).
In severe cases, an SQLi attack can compromise the underlying server or other back-end infrastructure, or be used to perform a denial-of-service attack. It can also result in unauthorized access to sensitive data like passwords, credit card details, and personal user information.
The second and third security fixes were for medium-severity Stored XSS (Cross-Site Scripting) vulnerabilities. These vulnerabilities do not affect most websites, because modern browsers are resilient to these types of attacks. But still, we can’t underestimate these millennial (new generation) attackers 🐱👤.
Stored XSS (Cross-Site Scripting) arises when an application receives data from an untrusted source and includes that data within its later HTTP responses in an unsafe way. This attack allows the attacker to perform any action within the application, view and modify any information present on the site and make malicious attacks that will appear to originate from the initial victim user.
Bug fixes 🐞
This update includes twelve bug fixes to the core and five bug fixes to the Gutenberg block editor.
One of the major bug fixes in this update allows remote pattern registration in theme.json when core patterns are disabled. This lets theme users disable core patterns but selectively register the required ones from the Pattern Directory. This change will make the Pattern Directory more engaging to the user.
My Take!
This is a security release, so I recommend that you update to the latest WordPress version immediately. WordPress has supported automatic core updates since WordPress 3.7, especially for security releases. It is highly possible that your site has automatically updated and is running WordPress 6.0.2.
If not, you can download WordPress 6.0.2 or visit the WordPress dashboard and click on “Updates”. After updating, it is important to check that everything is functioning normally and that the update has not caused any problems with the installed themes and plugins.
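To confirm from the file system whether a site is already on 6.0.2 and whether automatic core updates are switched off, the following added example (not part of the original post or of WordPress itself) reads `$wp_version` from `wp-includes/version.php` and looks for the `AUTOMATIC_UPDATER_DISABLED` and `WP_AUTO_UPDATE_CORE` constants in `wp-config.php`. It assumes `wp-config.php` sits in the WordPress root and, for simplicity, treats every version below 6.0.2 as outdated; the sample site in `demo()` is constructed.

```python
import re
import tempfile
from pathlib import Path

FIXED = (6, 0, 2)  # the release this page announces

def parse_version(text):
    """Extract $wp_version from the contents of wp-includes/version.php."""
    m = re.search(r"^\s*\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", text, re.M)
    if not m:
        return None
    # A pre-release suffix such as "-RC1" is ignored; short versions are padded.
    nums = [int(n) for n in re.findall(r"\d+", m.group(1).split("-")[0])]
    return tuple(nums + [0] * (3 - len(nums)))

def auto_update_blockers(config_text):
    """Return the wp-config.php constants that turn off automatic core updates."""
    code = re.sub(r"/\*.*?\*/", "", config_text, flags=re.S)   # block comments
    code = re.sub(r"^\s*(//|#).*$", "", code, flags=re.M)      # commented-out lines
    defines = {k: v.strip().strip("'\"").lower() for k, v in re.findall(
        r"define\(\s*['\"](\w+)['\"]\s*,\s*([^)]+?)\s*\)", code)}
    wanted = {"AUTOMATIC_UPDATER_DISABLED": "true", "WP_AUTO_UPDATE_CORE": "false"}
    return [k for k, bad in wanted.items() if defines.get(k) == bad]

def audit(root):
    """Report the installed version and anything blocking automatic updates."""
    root = Path(root)
    version = parse_version((root / "wp-includes/version.php").read_text())
    config = root / "wp-config.php"  # assumption: config lives in the WP root
    blockers = auto_update_blockers(config.read_text()) if config.exists() else []
    return {"version": version,
            "needs_update": version is None or version < FIXED,
            "auto_update_blockers": blockers}

def demo():
    """Build a constructed WordPress tree in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "wp-includes").mkdir()
        (root / "wp-includes/version.php").write_text(
            "<?php\n$wp_version = '6.0.1';\n")
        (root / "wp-config.php").write_text(
            "<?php\n// define( 'AUTOMATIC_UPDATER_DISABLED', true );\n"
            "define( 'WP_AUTO_UPDATE_CORE', false );\n")
        return audit(root)

if __name__ == "__main__":
    print(demo())
```

On a real site, call `audit()` with the path to the WordPress root; a non-empty `auto_update_blockers` list means the update has to be applied by hand.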