Application security, Patch/Configuration Management, Vulnerability Management

WordPress patches four security vulnerabilities

WordPress has pushed out version 5.3.1 patching four security issues.

WordPress versions 5.3 and earlier are affected and the company is recommending users download the new version, which is a short-cycle maintenance release and soon will be superseded by a full update when version 5.4 is released.

The company did not make note of any CVEs, but said in a statement the vulnerabilities included an issue where an unprivileged user could make a post sticky via the REST API; an problem where cross-site scripting (XSS) could be stored in well-crafted links; a stored XSS vulnerability using block editor content and the fix also hardens wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.