Version 7.0.2

On July 17, 2026, WordPress 7.0.2 was released to the public.

Installation/Update Information

To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Summary

Security updates

This release features several security fixes. Because this is a security release, it is recommended that you update your sites immediately.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • A facilitated SQL injection issue reported by as a team by TF1T, dtro, and haongo
  • A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at Assetnote / Searchlight Cyber

As a courtesy, these fixes are also available in older affected branches of WordPress. As a reminder, only the most recent version of WordPress is actively supported.

  • WordPress 6.9 is affected by both vulnerabilities. Version 6.9.5 has been released containing fixes for both.
  • WordPress 6.8 is only affected by the first vulnerability. Version 6.8.6 has been released containing a fix.
  • Versions of WordPress prior to 6.8 are not affected.

Change log

List of files revised

/wp-includes/rest-api/class-wp-rest-server.php
/wp-includes/class-wp-query.php
/wp-includes/rest-api.php

List of packages revised

No package was revised.

First published

Last updated