WordPress has released version 5.4.1 security update that fixes multiple bugs and security vulnerabilities. All WordPress versions 5.4 and earlier are affected.
WordPress version 5.4.1 is a short-cycle security release. Moreover, the next major release will be WordPress version 5.5.
According to the WordPress 5.4.1 security release, the following 7 security issues have been fixed:
- Issue where password reset tokens were not properly invalidated.
- Certain private posts can be viewed unauthenticated.
- An XSS issue in the Customizer, search block, wp-object-cache and file uploads (4 total).
- A stored XSS vulnerability in the WordPress customizer.
In addition, an authenticated XSS issue that affects the block editor was fixed in WordPress 5.4 RC1 and RC2 (fixed in 5.4 RC5).
Finally, the 5.4.1 update also includes 17 bug fixes.