WordPress has released version 4.5.3 of its content management system, fixing eight security vulnerabilities that surfaced in previous versions, as well as 17 other bugs.

In its latest online maintenance and security release, WordPress described the eight security holes as follows: a redirect bypass in the customizer, two cross-site scripting problems via attachment names, a revision history information disclosure issue, an oEmbed denial of service flaw, the unauthorized category removal from a post, password changes via stolen cookies and insufficiently secure “sanitize_file_name” edge cases.

WordPress has recommended that its users update their websites immediately with the new version. Sites that support automatic background updates have already begun updating to 4.5.3.