The 7.0.2 security release addresses one critical and one high severity security issue.
Because this is a security release, it is recommended that you update your sites immediately. Due to the severity, the WordPress.org team have enabled forced updates via the auto-update system for sites running affected versions.
To manually update you can visit your WordPress Dashboard, click “Updates”, and then click “Update Now”, or you can download WordPress 7.0.2 from WordPress.org. On sites that support automatic background updates, the update process will begin automatically.
The security team would like to thank the following people for responsibly reporting vulnerabilities and allowing them to be fixed in this release:
For more information on this release, please visit the HelpHub site.
This release was led by John Blackbourn and Barry Abrahamson. In addition to the security researchers mentioned above, WordPress 7.0.2 would not have been possible without the significant contributions of the following people: Aaron Jorbin, Alex Concha, annezazu, Barry, David Baumwald, Dominik Schilling, Ehtisham Siddiqui, Joe Dolson, Joe Hoyle, John Blackbourn, Jonathan Desrosiers, Marius L. J., Matt Mullenweg, Mohammad Jangda, Peter Wilson, Sergey Biryukov, vortfu, Weston Ruter, plus representatives from Altis, Automattic, Bluehost, Cloudflare, GoDaddy, Hostinger, and WP Engine.
WordPress 7.1 Beta 1 is ready for download and testing! This beta release is intended…
The full chat log is available beginning here on Slack. WordPress Performance Trac tickets @westonruter…
August 16-19, 2026 | Phoenix Convention Center, Phoenix, Arizona WordCamp US 2026 returns for another…
WordPress 7.0.1 is now available! This minor release includes fixes for 31 bugs throughout Core and the Block…
The full chat log is available beginning here on Slack. WordPress Performance Trac tickets @westonruter…
On June 23, around 40 students from the University of Illinois Chicago (UIC), Louisiana Tech…