{"id":322410,"date":"2026-03-10T19:48:32","date_gmt":"2026-03-10T18:48:32","guid":{"rendered":"https:\/\/borncity.com\/blog\/?p=322410"},"modified":"2026-03-11T09:01:05","modified_gmt":"2026-03-11T08:01:05","slug":"wordpress-6-9-2-erschienen","status":"publish","type":"post","link":"https:\/\/borncity.com\/blog\/2026\/03\/10\/wordpress-6-9-2-erschienen\/","title":{"rendered":"WordPress 6.9.2 erschienen; WordPress 6.9.3 nachgeschoben"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/borncity.com\/blog\/wp-content\/uploads\/2014\/07\/wp_thumb.jpg\" alt=\"\" width=\"64\" height=\"64\" align=\"left\" \/>Kurze Information: Zum 10. M\u00e4rz 2026 wurde <a href=\"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-6-9-2\/\" target=\"_blank\" rel=\"noopener\">WordPress 6.9.2<\/a> ver\u00f6ffentlicht. Es handelt sich um ein Wartungsupdate, welches Bugs fixen soll, wohl aber nur eine kurze Lebensdauer aufweisen d\u00fcrfte. Denn die Ver\u00f6ffentlichung von WordPress 7.0 ist bereits f\u00fcr den 9. April 2026 auf der WordCamp Asia geplant. <strong>Erg\u00e4nzung:<\/strong> Bug-Fix auf WordPress 6.9.3.<\/p>\n<p><!--more--><\/p>\n<h2>WordPress 6.9.2\u00a0 ist da<\/h2>\n<p>Bei Websites, die automatische Hintergrundaktualisierungen unterst\u00fctzen, wird der Aktualisierungsvorgang automatisch gestartet (war bei einigen meiner Nischenblogs der Fall). Den IT-Blog hier sowie den englischsprachigen IT-Blog habe ich manuell auf WordPress 6.9.2 umgestellt. Bisher scheint es keine Probleme zu geben. Laut den <a href=\"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-6-9-2\/\" target=\"_blank\" rel=\"noopener\">Release Notes<\/a> enth\u00e4lt WordPress 6.9.2 mehrere Sicherheitskorrekturen.<\/p>\n<ul class=\"wp-block-list\">\n<li>A Blind SSRF issue reported by\u00a0<a href=\"https:\/\/hackerone.com\/sibwtf\" target=\"_blank\" rel=\"noopener\">sibwtf<\/a>, and subsequently by several other researchers while the fix was being worked on<\/li>\n<li>A PoP-chain weakness in the HTML API and Block Registry reported by\u00a0<a href=\"https:\/\/github.com\/hackerlo2003\" target=\"_blank\" rel=\"noopener\">Phat RiO<\/a><\/li>\n<li>A regex DoS weakness in numeric character references reported by Dennis Snell of the WordPress Security Team<\/li>\n<li>A stored XSS in nav menus reported by\u00a0<a href=\"https:\/\/x.com\/Savphill\" target=\"_blank\" rel=\"noopener\">Phill Savage<\/a><\/li>\n<li>An AJAX\u00a0<code>query-attachments<\/code>\u00a0authorization bypass reported by\u00a0<a href=\"https:\/\/www.vitalysim.com\/\" target=\"_blank\" rel=\"noopener\">Vitaly Simonovich<\/a><\/li>\n<li>A stored XSS via the\u00a0<code>data-wp-bind<\/code>\u00a0directive reported by\u00a0<a href=\"https:\/\/profiles.wordpress.org\/kaminuma\/\" target=\"_blank\" rel=\"noopener\">kaminuma<\/a><\/li>\n<li>An XSS that allows overridding client-side templates in the admin area reported by\u00a0<a href=\"https:\/\/hackerone.com\/amosec\" target=\"_blank\" rel=\"noopener\">Asaf Mozes<\/a><\/li>\n<li>A PclZip path traversal issue reported independently by\u00a0<a href=\"https:\/\/profiles.wordpress.org\/francescocarlucci\/\" target=\"_blank\" rel=\"noopener\">Francesco Carlucci<\/a> and\u00a0<a href=\"https:\/\/profiles.wordpress.org\/kaminuma\/\" target=\"_blank\" rel=\"noopener\">kaminuma<\/a><\/li>\n<li>An authorization bypass on the Notes feature reported by\u00a0<a href=\"https:\/\/profiles.wordpress.org\/kaminuma\/\" target=\"_blank\" rel=\"noopener\">kaminuma<\/a><\/li>\n<li>An XXE in the external getID3 library reported by\u00a0<a href=\"https:\/\/profiles.wordpress.org\/regex33\/\" target=\"_blank\" rel=\"noopener\">Youssef Achtatal<\/a><\/li>\n<\/ul>\n<p>Da es sich um eine Sicherheitsversion handelt, wird empfohlen, die WordPress-Instanz umgehend zu aktualisieren.<\/p>\n<h2>WordPress 6.9.3 nachgeschoben<\/h2>\n<p><strong>Nachtrag:<\/strong> Die Halbwertzeit der 6.9.2 betrug nicht mal 24 Stunden &#8211; als ich eben den Blog aufrief, wurde mir\u00a0WordPress 6.9.3 angeboten. Gefixt wird ein Bug, der bei einigen Templates zu Problemen f\u00fchrt. Erkl\u00e4rung in den <a href=\"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-6-9-3\/\" target=\"_blank\" rel=\"noopener\">Release Notes<\/a>:<\/p>\n<blockquote><p>This release features a bugfix for some themes that use an unusual \"stringable object\" mechanism when loading template file paths that broke in\u00a0<a href=\"https:\/\/wordpress.org\/documentation\/wordpress-version\/version-6-9-2\/\" target=\"_blank\" rel=\"noopener\">the 6.9.2 security release<\/a>. Although this is is not an officially supported approach to loading template files in WordPress (the\u00a0<code>template_include<\/code>\u00a0filter only accepts a string), it nevertheless caused some sites to break so the team have decided to address this in a fast follow 6.9.3 release. Users using affected themes should update to 6.9.3 to restore the front end of their site to an operational state.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Kurze Information: Zum 10. M\u00e4rz 2026 wurde WordPress 6.9.2 ver\u00f6ffentlicht. Es handelt sich um ein Wartungsupdate, welches Bugs fixen soll, wohl aber nur eine kurze Lebensdauer aufweisen d\u00fcrfte. Denn die Ver\u00f6ffentlichung von WordPress 7.0 ist bereits f\u00fcr den 9. April &hellip; <a href=\"https:\/\/borncity.com\/blog\/2026\/03\/10\/wordpress-6-9-2-erschienen\/\">Weiterlesen <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[185,1574],"tags":[4315,4349],"class_list":["post-322410","post","type-post","status-publish","format-standard","hentry","category-update","category-wordpress","tag-update","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/322410","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/comments?post=322410"}],"version-history":[{"count":4,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/322410\/revisions"}],"predecessor-version":[{"id":322429,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/posts\/322410\/revisions\/322429"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/media?parent=322410"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/categories?post=322410"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/blog\/wp-json\/wp\/v2\/tags?post=322410"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}