---
title: WordPress 7.0.1 Fixes Registration Spam, wp_kses() CSS Corruption, and 7.0 Admin Design Glitches
date: "2026-07-10"
author: "Birgit Pauli-Haack"
url: "https://gutenbergtimes.com/wordpress-7-0-1-fixes-registration-spam-wp_kses-css-corruption-and-7-0-admin-design-glitches/"
categories: ["News"]
---

WordPress 7.0.1 is now available. As the first maintenance release of the 7.0 cycle, it’s strictly a bug-fix release: every included ticket addresses either a regression introduced during 7.0 development or an issue intentionally deferred at the end of the cycle.

The release ships fixes for 17 core Trac tickets and 14 Gutenberg PRs. Because this is a maintenance release, sites with automatic background updates enabled will update to 7.0.1 automatically — everyone else should update as soon as possible. Here’s what stands out for each audience.

Kudos to release lead Aaron Jorbin and his team for pushing this release over the finish line and getting it into hands of WordPress users quickly.

## The most important fixes for end users

**Registration page spam is shut down ([#63085](https://core.trac.wordpress.org/ticket/63085)).** The account registration page could be abused to send “Login details” spam emails from your site. This is arguably the most impactful fix in the release for anyone running a site with open registration — it protects both your users’ inboxes and your domain’s email reputation.

**The 7.0 admin reskin gets its rough edges sanded off.** WordPress 7.0’s refreshed admin design shipped with a handful of visual glitches that this release cleans up:

- Form elements are now standardized in the mobile viewport (#64999)
- The image editor’s scale and crop inputs no longer mismatch in size, and the info icon uses the new color scheme (#64937, #65428)
- The publish settings panel no longer crowds its primary action buttons together (#65286)
- The Media Library’s loading spinner is properly aligned in the modal filter toolbar, and the search bar no longer jumps position after a search (#65275, #65296)
- A “black flash” that briefly appeared on wp-admin pages before the interface finished loading is gone (Gutenberg #78493)

**Emoji behave correctly again.** Two related fixes: the emoji detection script is once more printed in the admin ([#65310](https://core.trac.wordpress.org/ticket/65310)), and certain characters are no longer incorrectly replaced by Twemoji images ([#64318](https://core.trac.wordpress.org/ticket/64318)).

**Accessibility improvements to the new revisions experience.** The Visual History / Revisions feature introduced in 7.0 receives several accessibility fixes: focus now moves to the revisions slider when entering revisions mode, and changed blocks are marked with a CSS outline as a secondary, non-color indicator — important for users with low vision or color blindness ([#65122](https://core.trac.wordpress.org/ticket/65122), Gutenberg [#77530](https://github.com/WordPress/gutenberg/pull/77530), [#78393](https://github.com/WordPress/gutenberg/pull/78393), [#79691](https://github.com/WordPress/gutenberg/pull/79691)).

## The most important fixes for developers

**`wp_kses()` no longer corrupts valid CSS ([#65270](https://core.trac.wordpress.org/ticket/65270)).** Since 7.0 RC4, `wp_kses()` could mangle legitimate `background-image: url(…)` declarations into a broken `style=")"` attribute. If your theme or plugin outputs inline background images through KSES-filtered content, 7.0.1 restores expected behavior — any workarounds you shipped can now be removed.

**`global-styles-inline-css` can be dequeued again ([#65336](https://core.trac.wordpress.org/ticket/65336)).** Since 7.0, developers were unable to remove the global styles inline stylesheet. If your build pipeline or performance optimization strips this and re-serves it another way, that control is back.

**PHP 8.5 compatibility fix in `wp_get_attachment_image_src()` ([#64742](https://core.trac.wordpress.org/ticket/64742)).** An incorrect array access triggered issues under PHP 8.5. If you’re testing sites on newer PHP versions, this removes one blocker.

**A removed Navigation function returns as a deprecated shim (Gutenberg [#78484](https://github.com/WordPress/gutenberg/pull/78484)).** `block_core_navigation_submenu_render_submenu_icon()` was removed in 7.0, breaking themes and plugins that called it directly. It’s restored as a deprecated shim — but treat this as your migration notice, not a reprieve. Update any code that references it.

**Editor state management fixes reduce false “unsaved changes” warnings.** Two Gutenberg fixes matter here:

- controlled/mode block changes are now marked non-persistent (#79350), and
- related navigation entities are no longer dirtied during passive renders (#79000).

Together these should mean fewer spurious dirty states and a cleaner undo history — a quality-of-life improvement if you build with template parts and navigation blocks.

**Block Visibility: “hide everywhere” keeps working after a block opts out of visibility support ([#65389](https://core.trac.wordpress.org/ticket/65389)).** If you register blocks that disable visibility support, previously hidden instances now stay hidden as expected.

## How to update

You can update directly from **Dashboard → Updates** in your site’s admin, run `wp core update` with WP-CLI, or download WordPress 7.0.1 from WordPress.org and install it manually. Sites that support automatic background updates for minor releases will begin updating on their own shortly.

The full ticket list is available in the[ release candidate announcement](https://make.wordpress.org/core/2026/07/01/wordpress-7-0-1-rc1-is-now-available/), Trac report 4, and the 7.0.x editor tasks board on GitHub.

## What’s next: WordPress 7.1

With 7.0.1 out the door, attention turns to the next major release: WordPress 7.1 is scheduled for August 19, 2026. To see what’s planned for the release, check out the [Roadmap to 7.1](https://make.wordpress.org/core/2026/06/19/roadmap-to-7-1/) on the Make WordPress Core blog.