{"id":16367033,"date":"2026-03-10T15:47:06","date_gmt":"2026-03-10T15:47:06","guid":{"rendered":"https:\/\/wordpress.org\/documentation\/?post_type=helphub_version&#038;p=16367033"},"modified":"2026-03-10T15:47:27","modified_gmt":"2026-03-10T15:47:27","slug":"version-6-9-2","status":"publish","type":"helphub_version","link":"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-6-9-2\/","title":{"rendered":"Version 6.9.2"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">On March 10, 2026, WordPress 6.9.2 was released to the public.<\/p>\n\n\n\n<h2 id=\"installation-update-information\" class=\"wp-block-heading\">Installation\/Update Information<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">To get this version, update automatically from the Dashboard &gt; Updates menu in your site\u2019s admin area or visit&nbsp;<a href=\"https:\/\/wordpress.org\/download\/release-archive\/\">https:\/\/wordpress.org\/download\/release-archive\/<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">For step-by-step instructions on installing and updating WordPress:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/wordpress.org\/documentation\/article\/updating-wordpress\/\">Updating WordPress<\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">If you are new to WordPress, we recommend that you begin with the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><a href=\"https:\/\/wordpress.org\/support\/article\/new_to_wordpress_-_where_to_start\/\">New To WordPress \u2013 Where to Start<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wordpress.org\/support\/article\/first-steps-with-wordpress\/\">First Steps With WordPress<\/a>&nbsp;or&nbsp;<a href=\"https:\/\/wordpress.org\/documentation\/article\/upgrading-wordpress-extended-instructions\/\">Upgrading WordPress Extended<\/a><\/li>\n\n\n\n<li><a href=\"https:\/\/wordpress.org\/support\/article\/wordpress-lessons\/\">WordPress Lessons<\/a><\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Summary<\/h2>\n\n\n\n<h3 id=\"maintenance-updates\" class=\"wp-block-heading\">Security updates<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">This release features several security fixes. Because this is a security release, <strong>it is recommended that you update your sites immediately.<\/strong><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">The security team would like to thank the following people for <a href=\"https:\/\/hackerone.com\/wordpress?type=team\">responsibly reporting vulnerabilities<\/a>, and allowing them to be fixed in this release:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A Blind SSRF issue reported by <a href=\"https:\/\/hackerone.com\/sibwtf\">sibwtf<\/a>, and subsequently by several other researchers while the fix was being worked on<\/li>\n\n\n\n<li>A PoP-chain weakness in the HTML API and Block Registry reported by <a href=\"https:\/\/github.com\/hackerlo2003\">Phat RiO<\/a><\/li>\n\n\n\n<li>A regex DoS weakness in numeric character references reported by Dennis Snell of the WordPress Security Team<\/li>\n\n\n\n<li>A stored XSS in nav menus reported by <a href=\"https:\/\/x.com\/Savphill\">Phill Savage<\/a><\/li>\n\n\n\n<li>An AJAX <code>query-attachments<\/code> authorization bypass reported by <a href=\"https:\/\/www.vitalysim.com\/\">Vitaly Simonovich<\/a><\/li>\n\n\n\n<li>A stored XSS via the <code>data-wp-bind<\/code> directive reported by <a href=\"https:\/\/profiles.wordpress.org\/kaminuma\/\">kaminuma<\/a><\/li>\n\n\n\n<li>An XSS that allows overridding client-side templates in the admin area reported by <a href=\"https:\/\/hackerone.com\/amosec\">Asaf Mozes<\/a><\/li>\n\n\n\n<li>A PclZip path traversal issue reported independently by <a href=\"https:\/\/profiles.wordpress.org\/francescocarlucci\/\">Francesco Carlucci<\/a> and <a href=\"https:\/\/profiles.wordpress.org\/kaminuma\/\">kaminuma<\/a><\/li>\n\n\n\n<li>An authorization bypass on the Notes feature reported by <a href=\"https:\/\/profiles.wordpress.org\/kaminuma\/\">kaminuma<\/a><\/li>\n\n\n\n<li>An XXE in the external getID3 library reported by <a href=\"https:\/\/profiles.wordpress.org\/regex33\/\">Youssef Achtatal<\/a><\/li>\n<\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">The WordPress security team have worked with the maintainer of the external getID3 library, James Heinrich, to coordinate a fix to getID3. A new version of getID3 <a href=\"https:\/\/github.com\/JamesHeinrich\/getID3\/releases\">is available here<\/a>.<br>As a courtesy, these fixes are being backported, where necessary, to all branches eligible to receive security fixes (currently through 4.7). As a reminder, <strong>only the most recent version of WordPress is actively supported<\/strong>.<\/p>\n\n\n\n<h2 id=\"changelog\" class=\"wp-block-heading\">Change log<\/h2>\n\n\n\n<h3 id=\"list-of-files-revised\" class=\"wp-block-heading\">List of files revised<\/h3>\n\n\n\n<pre class=\"wp-block-preformatted\">\/wp-admin\/includes\/class-walker-nav-menu-checklist.php<br>\/wp-admin\/includes\/class-walker-nav-menu-edit.php<br>\/wp-admin\/includes\/file.php<br>\/wp-includes\/html-api<br>\/wp-includes\/class-wp-html-tag-processor.php<br>\/wp-includes\/ID3\/getid3.lib.php<br>\/wp-includes\/interactivity-api\/class-wp-interactivity-api.php<br>\/wp-includes\/rest-api\/endpoints\/class-wp-rest-comments-controller.php<br>\/wp-includes\/class-wp-block-patterns-registry.php<br>\/wp-includes\/class-wp-http-ixr-client.php<br>\/wp-includes\/kses.php<br>\/wp-includes\/media.php<br>\/wp-includes\/nav-menu.php<br>\/wp-includes\/template-loader.php<\/pre>\n\n\n\n<h3 class=\"wp-block-heading\">List of packages revised<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">No package was revised.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>On March 10, 2026, WordPress 6.9.2 was released to the public. Installation\/Update Information To get this version, update automatically from the Dashboard &gt; Updates menu in your site\u2019s admin area or visit&nbsp;https:\/\/wordpress.org\/download\/release-archive\/. For step-by-step instructions on installing and updating WordPress: If you are new to WordPress, we recommend that you begin with the following: Summary [&hellip;]<\/p>\n","protected":false},"author":8670591,"featured_media":0,"menu_order":0,"template":"","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false},"helphub_major_release":[104],"class_list":["post-16367033","helphub_version","type-helphub_version","status-publish","hentry","helphub_major_release-6-9"],"revision_note":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/16367033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions"}],"about":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/types\/helphub_version"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/users\/8670591"}],"version-history":[{"count":1,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/16367033\/revisions"}],"predecessor-version":[{"id":16367038,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/wordpress-versions\/16367033\/revisions\/16367038"}],"wp:attachment":[{"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/media?parent=16367033"}],"wp:term":[{"taxonomy":"helphub_major_release","embeddable":true,"href":"https:\/\/wordpress.org\/documentation\/wp-json\/wp\/v2\/helphub_major_release?post=16367033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}