WordPress has
pushed out version 5.3.1 patching four security issues.

WordPress
versions 5.3 and earlier are affected and the company is recommending users
download the new version, which is a short-cycle maintenance release and soon will
be superseded by a full update when version 5.4 is released.

The company did
not make note of any CVEs, but said in a statement
the vulnerabilities included an issue where an unprivileged user could make a
post sticky via the REST API; an problem where cross-site scripting (XSS) could
be stored in well-crafted links; a stored XSS vulnerability using block editor
content and the fix also hardens wp_kses_bad_protocol() to ensure that it is
aware of the named colon attribute.





Topics:

Patch
Social Media