WordPress 6.9.2 and WordPress 6.9.3 were released yesterday, addressing 10 security issues and a bug that affected template file loading on a limited number of sites.
The WordPress Security Team has discovered that not all of the security fixes were fully applied, therefore 6.9.4 has been released containing the necessary additional fixes.
Because this is a security release, it is recommended that you update your sites immediately.
You can download WordPress 6.9.4 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic background updates, the update process will begin automatically.
For more information on WordPress 6.9.4, please visit the version page on the HelpHub site.
The security team would like to thank the contributors who reported and investigated this issue, in particular Thomas Kräftner for his responsible disclosure. The security issues that are resolved in 6.9.4 are:
Applications are now open for the 2026 Kim Parsell Memorial Scholarship, which supports one active…
This post recaps how the WordPress project’s five Global Partners — Jetpack, WordPress.com, WooCommerce, Bluehost,…
The full chat log is available beginning here on Slack. WordPress Performance Trac tickets @westonruter…
WordCamp Europe, the biggest WordPress conference in Europe, spent the first week of June in…
tl;dr: Temporary 24-hour cooldown period for plugin/theme releases before auto-updates. AI can give defenders an…
The full chat log is available beginning here on Slack. WordPress Performance Trac tickets @b1ink0…