WordPress security update (5.7.1) fixes 2 vulnerabilities

WordPress has released WordPress 5.7.1 security and maintenance update that includes fixes for two security vulnerabilities. All WordPress versions between 4.7 and 5.7 are affected.

According to the WordPress 5.7.1 security release, the following 2 security issues have been fixed:

XXE vulnerability within the media library affecting PHP 8.
Data exposure vulnerability within the REST API.

This is the first security update since WordPress 5.7 “Esperanza” was released on March 9, 2021.

Active exploits target WordPress sites running vulnerable Thrive Themes
WordPress plugin WPBakery vulnerability exposed over 4M sites
Critical File Manager plugin vulnerability affects 700k WordPress Websites

Related Articles