WordPress has released WordPress 5.4.2 security and maintenance update that includes fixes for multiple security issues and bugs. All WordPress versions 5.4.1 and earlier are affected.
According to the WordPress 5.4.2 security release, the following 6 security issues have been fixed (3 of those XSS vulnerabilities):
- Open redirect issue in wp_validate_redirect().
- Authenticated XSS issue via theme uploads.
- Issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Issue where comments from password-protected posts and pages could be displayed under certain conditions.
In addition, readers may also check out the Wordfence blog post for more details on the WordPress vulnerabilities.
The latest WordPress update also addresses 23 bugs and feature enhancements. The next major release will be WordPress version 5.5.