Ram Dall over at Wordfence has a good breakdown of three vulnerabilities patched in the WordPress 6.0.2 Security and Maintenance Release. One is a high severity SQLi vulnerability in the links functionality, and the other two are medium severity Cross-Site Scripting vulnerabilities.

Ram says “Most actively used WordPress sites should be patched via automatic updates within the next 24 hours, and any sites that remain vulnerable would only be exploitable under very specific circumstances.”