WordPress 6.2.1 was launched yesterday and rolled out to websites with automated background updates enabled. The replace included 5 necessary safety fixes. Ordinarily, a upkeep and safety launch may be trusted to not break a web site, however many customers are struggling after 6.2.1 removed shortcode support from block templates.
A support forum thread monitoring the damaged shortcodes situation exhibits that this alteration impacts how plugins show issues like breadcrumbs, publication signup types, WPForms, Metaslider, bbPress content material, and extra. The issue impacts template blocks, not websites which are utilizing non-FSE themes.
“It’s completely insane to me that shortcodes have been eliminated by design!” @camknight mentioned within the assist discussion board dialogue. “Each single considered one of our company’s FSE websites makes use of the shortcode block in templates for the whole lot: filters, search, ACF & plugin integrations. That is chaos!!”
One other person, @asjl, studies having this replace break lots of of pages.
“I’ve received the identical drawback on over 600 pages which use 5 or 6 completely different templates with shortcodes in every template on one website and comparable issues on a number of others,” @asjl mentioned.
“I’m wanting ahead to enhancing every of these pages to get the shortcode again in place. Or backtracking to six.2 and turning off updates.”
It’s not clear why shortcode blocks which are in block theme template elements nonetheless work, however that is one workaround that has been prompt to customers. In a trac ticket for the problem others have prompt including a PHP file for a plugin known as “Shortcode Repair” to the plugins folder, however this workaround reintroduces the safety situation.
Different customers are being compelled to revert to earlier insecure variations of WordPress with a purpose to preserve vital performance on their websites working. WordPress developer Oliver Campion commented on the Trac ticket with extra particulars about how websites are at the moment utilizing shortcodes in templates:
This replace has been nothing in need of a catastrophe. I can’t perceive how there was no warning of such a damaging, automated roll out!
We now have managed to rollback affected websites to v6.2 and block automated core updates till there’s a appropriate resolution, which we hope is imminent as a result of reported safety points!
Shortcode Blocks, in our opinion, are completely important to the design course of when utilizing Block Themes.
We use them to inject traditional menus that may have dynamic menu objects (similar to signal out), dynamic header content material, specialised loops and footer content material that’s so simple as exhibiting the present yr within the copyright assertion to exhibiting a contact type or different such dynamic content material. And that’s simply what I can consider from the highest of my head.
An unlucky consequence of this replace is that it has destroyed many customers’ confidence in WordPress’ automated updates. This sort of breaking change ought to by no means occur in a launch that auto installs in a single day.
Even when it’s completely essential to keep away from a zero-day vulnerability on WordPress websites, discontinued shortcode assist in block templates ought to have been accompanied with extra info to assist affected customers discover a resolution.
The one communication customers acquired about this was a brief, insufficient observe on the vulnerability within the 6.2.1 launch put up “Block themes parsing shortcodes in person generated information.”
Fixing all of those shortcode makes use of on web sites that closely depend on them would have already got been a problem for a lot of, even with advance discover. Delivery this breaking change in an automated replace, with out a correct clarification of the way it impacts customers, solely served to twist the knife.
Throughout at this time’s core dev assembly, WordPress 6.2.1 co-release lead Jb Audras said this situation could immediate a fast 6.2.2 launch however the particulars will not be but out there.
“As chances are you’ll know, one safety repair led to an necessary situation with shortcodes utilized in templates,” Audras mentioned. “The difficulty is at the moment actively mentioned within the Safety Editor crew, and a few speculation have been made to type this out in a fast follow-up launch.
“No schedule out there for now – it’ll rely upon the follow-up patch at the moment mentioned by the Editor crew.”
Within the meantime, those that can’t make use of a workaround and wish to rollback to six.2 can can use the WP Downgrade plugin as a short lived repair, with the information that this leaves the positioning weak till a everlasting resolution may be put in place.