WordPress 5.3.1 is a security and maintenance release that has 46 fixes and enhancements. Even better, it fixes several security problems found by the following people:

  • Daniel Bachhuber for finding an issue where an unprivileged user could make a post sticky via the REST API.
  • Simon Scannell of RIPS Technologies for finding and disclosing an issue where cross-site scripting (XSS) could be stored in well-crafted links.
  • WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
  • Nguyen The Duc for discovering a stored XSS vulnerability using block editor content.

Do a free scan at wpsec.com to check if your WordPress installation is safe.

 
