Category Archives: Advisories

WordPress 6.0.2 Security and Maintenance Release

Read Time:1 Minute, 44 Second

WordPress 6.0.2 is now available!

This security and maintenance release features 12 bug fixes on Core, 5 bug fixes for the Block Editor, and 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.

WordPress 6.0.2 is a short-cycle release. You can review a summary of the main updates in this release by reading the RC1 announcement.

The next major release will be version 6.1 planned for November 1, 2022.

If you have sites that support automatic background updates, the update process will begin automatically.

You can download WordPress 6.0.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”.

For more information on this release, please visit the HelpHub site.

Security updates included in this release

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

Fariskhi Vidyan for finding a possible SQL injection within the Link API.

Khalilov Moe for finding an XSS vulnerability on the Plugins screen.

John Blackbourn of the WordPress security team, for finding an output escaping issue within the_meta().

Thank you to these WordPress contributors

The WordPress 6.0.2 release was led by @sergeybiryukov and @gziolo.

WordPress 6.0.2 would not have been possible without the contributions of more than 50 people. Their asynchronous coordination to deliver several enhancements and fixes into a stable release is a testament to the power and capability of the WordPress community.

Alex ConchaAndrei DraganescuannezazuAnton VlasenkoAri StathopoulosBen DwyerCarolina NymarkColin StewartDarren CouttsDilip BhedaDion HulseeMKeyFabian KägyGeorge MamadashviliGreg ZiółkowskihuublironprogrammerJb AudrasJohn BlackbournJonathan DesrosiersjonmackintoshJonny Harris, Kelly Choyce-DwanLena MoritaLinkon MiyanLovro HrustmarybaumNick DiegoNik Tsekouras, Olga GlecklerPascal BirchlerpaulkevanPeter WilsonSergey BiryukovStephen BernhardtTeddy PatriarcaTimothy JacobstommusrhodusTomoki Shimomura, Tonya Morkwebcommsat AbhaNonStopNewsUK, and zieladam.

Read More

CVE-2021-29864

Read Time:25 Second

IBM Security Identity Manager 6.0 and 6.0.2 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 206089

Read More