WordPress team has declared that they will be rolling out general availability of WordPress 5.4.2, which is a release that is rolled out to fix the number of security fixes, along with some improvements. The bugs which were discovered in WordPress version 5.4 are now fixed in version 5.4.2. Some of the bugs which were present in version 5.3 were also fixed in the latest version.
Security Updates
- Credits to Mr. Sam Thomas (jazzy2fives) for discovering an XSS problem where the authorized users with low privileges are able to add JavaScript to posts in the block editor.
- Credits to Luigi (gubello.me) for finding an XSS problem where the authorized users who have the privilege of upload permissions can add JavaScript to media files.
- Credits to Ben Bidner, a staff of WordPress Security crew for discovering an open redirect problem in wp_validate_redirect()
- Credits to Nrimo Ing Pandum for discovering an authorized XSS issue through theme uploads.
- Credits to Simon Scannell of RIPS Technologies for discovering an issue where set-screen-option could be abused by plugins which will lead to privilege escalation.
- Credits to Carolina Nymark for identifying an issue where comments from password-protected posts and pages could be revealed under specific circumstances.
In WordPress 5.4, the Button component for WordPress admin space design has been improved with various modifications and additions. (Details)
If you want to download the latest version of WordPress 5.4.2 from the page or you can visit your Dashboard –> Updates and click Update Now. Make us know what features you see exciting and what you’d look to view in the next major WordPress release version 5.5.
Looking for more software news? Stay tuned for the latest update news, subscribe to our newsletter to get the latest updates.