WordPress has released the WordPress 5.4.2 security and maintenance update, which includes fixes for multiple security issues and bugs. All WordPress versions 5.4.1 and earlier are affected.
According to the WordPress 5.4.2 security release, the following 6 security issues have been fixed (3 of them are XSS vulnerabilities):
- XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- Open redirect issue in wp_validate_redirect().
- Authenticated XSS issue via theme uploads.
- Issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Issue where comments from password-protected posts and pages could be displayed under certain conditions.
Readers can also check out the Wordfence blog post for more details on the WordPress vulnerabilities.
The latest WordPress update also addresses 23 bugs and feature enhancements. The next major release will be WordPress version 5.5.