WordPress has pushed out version 5.3.1 patching four security issues.

WordPress versions 5.3 and earlier are affected and the company is recommending users download the new version, which is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released.

The company did not make note of any CVEs, but said in a statement the vulnerabilities included an issue where an unprivileged user could make a post sticky via the REST API; an problem where cross-site scripting (XSS) could be stored in well-crafted links; a stored XSS vulnerability using block editor content and the fix also hardens wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.