惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
T
Troy Hunt's Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
Vercel News
Vercel News
T
Threatpost
G
Google Developers Blog
T
Threat Research - Cisco Blogs
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
The Exploit Database - CXSecurity.com
H
Heimdal Security Blog
Google DeepMind News
Google DeepMind News
Cyberwarzone
Cyberwarzone
T
The Blog of Author Tim Ferriss
Know Your Adversary
Know Your Adversary
Hacker News: Ask HN
Hacker News: Ask HN
www.infosecurity-magazine.com
www.infosecurity-magazine.com
S
Schneier on Security
B
Blog
V2EX - 技术
V2EX - 技术
NISL@THU
NISL@THU
C
CERT Recently Published Vulnerability Notes
W
WeLiveSecurity
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Y
Y Combinator Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Spread Privacy
Spread Privacy
The Last Watchdog
The Last Watchdog
V
Vulnerabilities – Threatpost
N
Netflix TechBlog - Medium
Schneier on Security
Schneier on Security
F
Fortinet All Blogs
N
News | PayPal Newsroom
Attack and Defense Labs
Attack and Defense Labs
Blog — PlanetScale
Blog — PlanetScale
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
人人都是产品经理
人人都是产品经理
爱范儿
爱范儿
P
Privacy & Cybersecurity Law Blog
P
Proofpoint News Feed
Project Zero
Project Zero
I
Intezer
罗磊的独立博客
H
Hackread – Cybersecurity News, Data Breaches, AI and More
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - Franky
SecWiki News
SecWiki News
Martin Fowler
Martin Fowler

WordPress News

What Happened at WordCamp Europe 2026 – WordPress News Protect The Shire – WordPress News WordPress at 23 Looking Ahead to WordCamp Europe 2026 – WordPress News WordPress 7.0 “Armstrong” – WordPress News WordPress 7.0 Release Candidate 4 Get Your WordCamp US 2026 Tickets WordPress 7.0 Release Candidate 3 Get Involved With WordCamp US 2026 in Phoenix – WordPress News WordPress Student Clubs Build Momentum – WordPress News Celebrating Community at WordCamp Asia 2026 – WordPress News How to Watch WordCamp Asia 2026 Live – WordPress News From AI to Open Source at WordCamp Asia 2026 – WordPress News WordPress 7.0 Release Candidate 2 – WordPress News WP Packages is Working the Way Open Source Should – WordPress News WordPress 7.0 Release Candidate 1 – WordPress News WordPress 7.0 Beta 5 – WordPress News WordPress 6.9.4 Release – WordPress News Your Browser Becomes Your WordPress – WordPress News WordPress 6.9.3 and 7.0 beta 4 – WordPress News
WordPress 6.9.2 Release – WordPress News
2026-03-10 · via WordPress News

WordPress 6.9.2 is now available

This is a security release that features several fixes.

Because this is a security release, it is recommended that you update your sites immediately.

You can download WordPress 6.9.2 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic background updates, the update process will begin automatically.

For more information on WordPress 6.9.2, please visit the version page on the HelpHub site.

Security updates included in this release

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • A Blind SSRF issue reported by sibwtf, and subsequently by several other researchers while the fix was being worked on
  • A PoP-chain weakness in the HTML API and Block Registry reported by Phat RiO
  • A regex DoS weakness in numeric character references reported by Dennis Snell of the WordPress Security Team
  • A stored XSS in nav menus reported by Phill Savage
  • An AJAX query-attachments authorization bypass reported by Vitaly Simonovich
  • A stored XSS via the data-wp-bind directive reported by kaminuma
  • An XSS that allows overridding client-side templates in the admin area reported by Asaf Mozes
  • A PclZip path traversal issue reported independently by Francesco Carlucci and kaminuma
  • An authorization bypass on the Notes feature reported by kaminuma
  • An XXE in the external getID3 library reported by Youssef Achtatal

The WordPress security team have worked with the maintainer of the external getID3 library, James Heinrich, to coordinate a fix to getID3. A new version of getID3 is available here.

As a courtesy, these fixes are being backported, where necessary, to all branches eligible to receive security fixes (currently through 4.7). As a reminder, only the most recent version of WordPress is actively supported. The backports are in progress and will ship as they become ready.

Thank you to these WordPress contributors

This release was led by John Blackbourn. In addition to the security researchers mentioned above, WordPress 6.9.2 would not have been possible without the contributions of the following people: Dennis Snell, Alex Concha, Jon Surrell, Isabel Brison, Peter Wilson, Jonathan Desrosiers, Jb Audras, Luis Herranz, Aaron Jorbin, Weston Ruter, and Dominik Schilling.