WordPress 5.4.2 is now available!

This security and maintenance release features 23 fixes and enhancements. In addition, it adds a number of security fixes—see the list below.

These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you'll want to upgrade.

If you haven't yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the bugs for you.

Security Updates

WordPress versions 5.4 and earlier are affected by the following bugs, which are fixed in version 5.4.2. If you have not yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security problems.

  • Props to Mike Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Group for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Claire Scannell of RIPS Systems for finding an issue where set-screen-option can be misused by plugins, leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security group time to fix the vulnerabilities before WordPress sites could be attacked.

One maintenance update was also deployed to versions 5.1, 5.2 and 5.3. See the associated developer note for more information.

You can browse the full list of changes on Trac.

For more info, browse the full list of changes on Trac or check out the Version 5.4.2 documentation page.

WordPress 5.4.2 is a short-cycle maintenance release. The next major release will be version 5.5.

You can download WordPress 5.4.2 from the button at the top of this page, or visit your Dashboard → Updates and click Update Now.

If you have sites that support automatic background updates, they've already started the update process.

Thanks and props!

Besides the security researchers mentioned above, many thanks to everyone who helped make WordPress 5.4.2 happen:

Andrea Fercia, argentite, Meters Asif Rahman, Jb Audras, Ayesh Karunaratne, bdcstr, Delowar Hossain, Rob Migchels, donmhico, Ehtisham Siddiqui, Emilie LEBRUN, finomeno, garethgillman, Giorgio25b, Gabriel Maldonado, Hector F, Ian Belanger, Aaron Jorbin, Mathieu Viet, Javier Casares, Later on McGill, jonkolbert, Jono Alderson, Joy, Tammie Lister, Kjell Reigstad, KT, markusthiel, Mayank Majeji, Mel Choyce-Dwan, mislavjuric, Mukesh Panchal, Nikhil Bhansi, oakesjosh, Dominik Schilling, Arslan Ahmed, Peter Wilson, Carolina Nymark, Stephen Bernhardt, Ted Fullalove, Alain Schlesser, Sergey Biryukov, skarabeq, Daniel Richards, Toni Viemerö, suzylah, Timothy Jacobs, TeBenachi, Jake Spurlock and yuhin.

By JDCAI