WordPress 6.0.2 Security and Maintenance Update

WordPress has published another minor release to improve its current version. The WordPress 6.0.2 update includes 12 bug fixes in core and five bug fixes in the block editor.

Although there are not as many improvements as in the previous minor version, WordPress 6.0.2 fixes several security vulnerabilities. Therefore, we recommend that you upgrade your WordPress website to this version as soon as possible.

WordPress 6.0.2: security and bugfixes

The WordPress 6.0.2 release notes list the following three security patches:

  • SQL injection vulnerability within the Link API.
  • XSS (cross-site scripting) vulnerability in plugin management screens.
  • Output escaping issue in the the_meta() function.

In addition, the core update upgrades the bundled moment.js JavaScript library to avoid a vulnerability in version 2.29.2.

Apart from the security patches, there are several bug fixes for the core software and the block editor. You can find detailed information about the core bug fixes on WordPress Trac, while the block editor fixes are available on the GitHub repository.

To make it easier, we will review the repository and test WordPress 6.0.2 to highlight the important fixes in this release.

Fixed sticky posts in the query loop

A bug caused the query loop to not display sticky posts correctly. This occurs when the query loop inherits the query from the template.

For example, when you have a sticky post and you enable the inherit query setting, the sticky post will not appear at the top of the query loop. The sticky post setting in the block settings will also not work correctly.

The WordPress 6.0.2 update fixed the issue. When you enable the inherit query setting, it removes the sticky post setting. Also, the sticky post will be displayed correctly at the top of the query.

Fixed button labels with long text

WordPress allows adding block styles through the PHP file of each block. However, it did not truncate a long style button label in certain languages, such as Chinese, Japanese and Korean, which caused the label to overflow the button space.

The developers have updated the style sheet and now the style button will show an ellipsis whenever the label is too long for the space.

Allows registering remote patterns when core patterns are disabled

WordPress 6.0 introduced a feature to register remote patterns from the pattern directory using the theme.json file. It also received a bug fix in the WordPress 6.0.1 update to ensure it syncs seamlessly with the WordPress pattern directory.

However, it still required the core patterns to be enabled. This is contrary to what many theme authors and developers want, as they prefer to disable the core patterns and use only the ones relevant to their themes.

The developers modified the pattern registration feature so that theme authors can disable the core patterns while still registering remote patterns from the directory using the theme.json file.

While this is not a bug fix, this implementation will improve the usability of the pattern directory, especially for theme authors.

Upgrade your WordPress version

Since WordPress 6.0.2 contains security vulnerability patches, we recommend that you update your version of WordPress as soon as possible.

You will see a banner at the top of your WordPress admin panel if you are not running the latest version. Click Update Now, which will take you to the WordPress update page.

You can also update your WordPress site from the panel's WordPress dashboard. You will find the WordPress version section at the bottom right, and the upgrade button will be available if you are not running the latest version.

We also recommend enabling automatic upgrades for minor versions during installation through the panel's automatic installer.
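
If you manage several installs, you can check from the command line which ones still need the update. The script below is an added example (not from WordPress or the original article) that reads `$wp_version` from each site's `wp-includes/version.php` and flags anything older than 6.0.2. The site paths in the usage comment are placeholders, and the comparison only looks at 6.0.2, not at security releases on older branches.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than the patched release.
# Usage: sh check-wp.sh /var/www/site1 /var/www/site2   (placeholder paths)
PATCHED="6.0.2"   # release the article recommends

# Print the value of $wp_version from <site>/wp-includes/version.php.
wp_version_of() {
    vfile="$1/wp-includes/version.php"
    [ -r "$vfile" ] || return 1
    found=$(sed -n "s/^[\$]wp_version[[:space:]]*=[[:space:]]*'\([^']*\)'.*/\1/p" "$vfile" | head -n 1)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Return 0 when dotted version $1 is lower than $2.
# Suffixes such as "-beta1" are ignored; missing parts count as 0.
version_lt() {
    va=${1%%[!0-9.]*}; vb=${2%%[!0-9.]*}
    old_ifs=$IFS; IFS=.
    set -- $va; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $vb; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    if [ "$a1" -ne "$b1" ]; then [ "$a1" -lt "$b1" ]
    elif [ "$a2" -ne "$b2" ]; then [ "$a2" -lt "$b2" ]
    else [ "$a3" -lt "$b3" ]; fi
}

# Print one status line for a site.
# Returns 0 = patched, 1 = outdated, 2 = version could not be read.
check_site() {
    if ! ver=$(wp_version_of "$1"); then
        echo "UNKNOWN  $1 (no readable wp-includes/version.php)"; return 2
    fi
    if version_lt "$ver" "$PATCHED"; then
        echo "OUTDATED $1 ($ver, below $PATCHED)"; return 1
    fi
    echo "OK       $1 ($ver)"
}

# Check every site directory given on the command line.
for site in "$@"; do
    check_site "$site" || true
done
```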