WordPress 5.3.1 security update

WordPress 5.3.1 security update

WordPress has released version 5.3.1 security update that fixes multiple bugs. All WordPress versions 5.3 and earlier are affected.

WordPress version 5.3.1 is a short-cycle security release. Moreover, the next major release will be WordPress version 5.4.

According to the WordPress 5.3.1 security release, the following four security issues have been fixed:

  • Issue where an unprivileged user could make a post sticky via the REST API.
  • Issue where cross-site scripting (XSS) could be stored in well-crafted links.
  • Hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
  • A stored XSS vulnerability using block editor content.

Users and administrators can download the latest version automatically from the Dashboard > Updates menu in your site’s admin area or visit the WordPress download page.