On August 30, 2022, the WordPress core team released WordPress version 6.0.2, which contains patches for three vulnerabilities: a High Severity SQL injection (SQLi) vulnerability in the Links functionality and two Medium Severity Cross-Site Scripting (XSS) vulnerabilities. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. Note that, to avoid website crashes and to ensure timely security updates, it is best to use our WordPress Maintenance Service.
WordPress <= 6.0.1 – Authenticated Cross-Site Scripting (XSS) vulnerability
An authenticated Cross-Site Scripting (XSS) vulnerability was discovered by Khalilov Moe in WordPress <= 6.0.1. Update WordPress to the latest available version (at least 6.0.2 or another patched version).
WordPress <= 6.0.1 – Authenticated Stored Cross-Site Scripting (XSS) vulnerability
An authenticated stored Cross-Site Scripting (XSS) vulnerability was discovered by John Blackbourn in WordPress (versions <= 6.0.1). Update WordPress to the latest available version (at least 6.0.2 or another patched version).
WordPress <= 6.0.1 – Authenticated SQL Injection (SQLi) vulnerability via Link API
An authenticated SQL Injection (SQLi) vulnerability via the Link API was discovered by FVD in WordPress core (versions <= 6.0.1). Update WordPress to the latest available version (at least 6.0.2 or another patched version).