WordPress published security release version 6.9.2 to patch multiple vulnerabilities, but the update caused some sites to crash (display a white screen), so WordPress quickly followed up with an additional update that contains a bugfix for the issue introduced by version 6.9.2.
WordPress security firm Wordfence published details of four of the vulnerabilities, which were rated as medium severity, while WordPress.org published the full list of ten, including one that’s due to an external PHP library.
Timeline Of WordPress Sites Crashing
Some WordPress users reported that the security update caused their sites to crash. Some on Reddit speculated that there was something wrong with the WordPress security patch, inferring that it was related to vibe coding. A discussion in the official WordPress forums describing issues with site functionality also started soon after the security patch was released.
The first post described their issue:
“A few minutes ago I got an update from Dreamhost that my website had automatically updated to WP 6.9.2. Now any page I try to load is coming up blank. I can still log into the back end, the pages are still there for editing, content is present, but when I go to the home page or any other page, nothing is displaying (view source is also empty.)
WordPress 6.9.2 with Crio theme, up to date.”
Others followed, describing similar problems, and a few posts later, one of the core developers responded to say that the issue is directly related to something in certain themes and suggested verifying that by switching to another theme. Seven hours after the initial post, the person who started the thread posted again to note that WordPress had issued a bugfix, version 6.9.3, to address the issues introduced by version 6.9.2, which were due to how certain themes were coded and not the security release itself.
Official Response From WordPress
The problem with sites crashing appears to relate to a non-standard way that certain themes load template files. Those themes were using an unsupported way of loading templates, which then led to a conflict with the patch. WordPress engineers quickly issued an additional patch to address those issues, even though the problem was on the theme side, not WordPress.
According to WordPress’s notes for the bugfix in version 6.9.3:
“This release features a bugfix for some themes that use an unusual “stringable object” mechanism when loading template file paths that broke in the 6.9.2 security release.
Although this is is not an officially supported approach to loading template files in WordPress (the template_include filter only accepts a string), it nevertheless caused some sites to break so the team have decided to address this in a fast follow 6.9.3 release. Users using affected themes should update to 6.9.3 to restore the front end of their site to an operational state.”
Wordfence Advisory
Wordfence published details of four of the vulnerabilities, with CVSS severity ratings…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
