WordPress has released version 5.3.1 security update that fixes multiple bugs. All WordPress versions 5.3 and earlier are affected.
WordPress version 5.3.1 is a short-cycle security release. Moreover, the next major release will be WordPress version 5.4.
According to the WordPress 5.3.1 security release, the following four security issues have been fixed:
- Issue where an unprivileged user could make a post sticky via the REST API.
- Issue where cross-site scripting (XSS) could be stored in well-crafted links.
- Hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
- A stored XSS vulnerability using block editor content.
Users and administrators can download the latest version automatically from the Dashboard > Updates menu in your site’s admin area or visit the WordPress download page.