WordPress 5.3.1 patches four security vulnerabilities

WordPress has pushed out version 5.3.1 patching four security issues.

WordPress versions 5.3 and earlier contain a few vulnerabilities, and WordPress is recommending that users download the latest version. This is a short-cycle maintenance release and will soon be superseded by a full update when version 5.4 is released.

WordPress did not make note of any CVEs, but it did say in a public message that the vulnerabilities included an issue where an unprivileged user could make a post sticky via the REST API; a problem where cross-site scripting (XSS) could be stored in well-crafted links; and a stored XSS vulnerability using block editor content. The fix also hardens wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
