On 17 July 2026, the WordPress team released a new version, WordPress 7.0.2. This is a security-focused update that fixes several vulnerabilities in the WordPress core.
The good news is that the fix is already available and quick and easy to apply. In this article we explain briefly what happened and what the next steps are, without unnecessary technical details.
In short
On 17 July 2026, WordPress 7.0.2 was released with important security fixes. Sites running version 6.8 and every later version are affected, so we recommend updating yours to version 7.0.2 without delay. If you need help, the Jump.bg team is here for you.
What happened
The new version fixes two vulnerabilities in the WordPress core. The table below summarizes, in plain language, what they are and how serious they are:
| Vulnerability | What it could allow | Severity |
|---|---|---|
| CVE-2026-63030 | Remote takeover of the site, without any username or password. | Critical |
| CVE-2026-60137 | Access to information in the site’s database that should stay hidden. | High |
In both cases, the site needs to be running an affected version that has not yet been updated. Updating to 7.0.2 removes the risk entirely, so that is all you need to do to be safe.
Full technical information about both issues is available in the official WordPress announcement.
Is my site affected?
The vulnerabilities affect the following WordPress versions:
| WordPress version | Affected? | What to do |
|---|---|---|
| 6.8 and every later version | Yes | Update to 7.0.2 |
| Before 6.8 | No | No action required, but keep your version current |
If you are not sure which version you are using, you can find it in the WordPress admin area, in the bottom right corner of the screen or under Dashboard → Updates.
Why it is a good idea to act now
Because the fix is already public, information about the vulnerabilities is available to malicious actors as well, and sites that have not been updated may become a target of automated attacks. The good news is that updating takes only a few minutes and removes the risk entirely.
What to do
Updating WordPress takes only a few minutes. Follow these simple steps:
- Create a backup of your site. This is good practice before any update.
- Log in to the WordPress admin area.
- Open Dashboard → Updates.
- If an update is available, click Update Now.
- Make sure the version is now 7.0.2.
In many cases WordPress applies important security updates automatically, but it is a good idea to check manually as well, so you can be sure your site is protected.
Need help?
If you are not sure which version you are using, run into difficulties with the update, or simply want someone to check that everything is fine, the Jump.bg support team is here to help. Contact us and we will guide you step by step.
If you are still choosing where to host your site, take a look at our WordPress hosting plans. They are fast, secure and backed by expert support, so you can focus on your business.
Your site’s security matters to us. If you have any questions, contact the Jump.bg team. We are here to help.