WordPress recently released security features to fix four vulnerabilities with the popular website publishing platform.
The short-cycle security release 5.8.3 updates WordPress versions between 3.7 and 5.8, and the company recommended that users should update their sites immediately. Three of the four vulnerabilities are rated as high importance.
The updates fix:
- an issue with stored XSS through post slugs;
- an issue with Object injection in some multi-site installations;
- a SQL injection vulnerability in WP_Query;
- and a SQL injection vulnerability in WP_Meta_query, which is only relevant to versions 4.1 through 5.8.
WordPress noted in the blog post that the next major release will be version 5.9, which is already in the release candidate stage.