WordPress 6.0.2 Security and Maintenance Update

WordPress has launched another minor release to improve its current version. This WordPress 6.0.2 update introduces 12 core and five block editor bug fixes.

Although not as many improvements as in the previous minor release, WordPress 6.0.2 patches several security vulnerabilities. Thus, we strongly recommend updating your WordPress website to this version as soon as possible. 

WordPress 6.0.2 Security and Bug Fixes

The WordPress 6.0.2 release post notes the following three security patches:

• SQL injection vulnerability within the Link API.
• XSS (cross-site scripting) vulnerability on the Plugins admin screens.
• Output-escaping issue in the the_meta() function.

In addition, a core update upgrades the moment.js Javascript library to avoid a vulnerability in the 2.29.2 version.

Other than the security patches, there are various core software and block editor bug fixes. You can find detailed information on the core bug fixes on the WordPress Trac, while the block editor fixes are available on the GitHub repository.

To make this easier for you, we’ll go through the repository and test WordPress 6.0.2 to highlight the significant fixes on this version.

Fixed Sticky Post on the Query Loop Block

A bug caused the query loop block not to display sticky posts properly. This occurs when the query loop inherits the query from the template. 

For instance, when you have a sticky post and enable the inherit query settings for the query loop block, the sticky post won’t appear at the top of the query loop. The sticky posts settings in the block settings also won’t work correctly.

The WordPress 6.0.2 update has fixed the issue. When you enable the inherit query setting, it removes the sticky posts setting. Also, the sticky post will be displayed correctly at the top of the query.

Fixed Button Labels With Long Text

WordPress allows you to add block styles via each block’s PHP file. However, it won’t truncate a long button label when using certain languages, like Chinese, Japanese, and Korean, causing it to overflow the button space.

The developers have updated the stylesheet, and now the style button will show an ellipsis whenever the label is too long for the space.

Allow Remote Pattern Registration When Core Patterns Are Disabled

WordPress 6.0 introduces a feature to register remote patterns from its pattern directory using the theme.json file. It also received a bug fix in the WordPress 6.0.1 update to ensure it synchronizes perfectly with the WordPress pattern directory.

However, it still required the core patterns to be enabled. This is contrary to what many theme authors and developers want, as they prefer to disable core patterns and use only relevant ones for their themes.

The developers have tweaked the pattern registration function so that theme authors can disable the core patterns while still registering remote patterns from the directory using the theme.json file.

While this is not a bug fix, this enhancement will improve the usability of the pattern directory, especially for theme authors.

Updating Your WordPress Version

Since WordPress 6.0.2 contains security vulnerability patches, we highly recommend updating your WordPress version as soon as possible.

You’ll see a banner on the top of your WordPress admin dashboard if you’re not running the latest WordPress version. Click on Please update now, which will take you to the WordPress update page.

Alternatively, you can update your WordPress site from hPanel’s WordPress dashboard. You’ll find the WordPress version section on the bottom-right section, and the update button will be available if you’re not running the latest WordPress version.

We also recommend enabling automatic updates for minor releases during installation using hPanel’s auto-installer.