The WordPress 5.8.3 security release is now available. It includes four crucial security fixes. This security release was issued by WordPress and is for all previous versions. WordPress strongly recommends applying this update to your WordPress site without delay, and so do we.
WordPress versions between 3.7 and 5.8 are affected by the security issues listed below, and the 5.8.3 update fixes them. Updates are also available for every WordPress version since 3.7, for users who have not yet updated to 5.8.
WordPress 5.8.3 Security Update
- Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
- Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
- Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
- Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).
We, as WordPressers, owe thanks to the reporters of these issues for practicing responsible disclosure. The previous version of WordPress, WordPress 5.8.2, was released on 10th November 2021.
You can download WordPress 5.8.2 here or venture over to your WordPress Dashboard > Update and simply click on the Update Now button. Sites that support automatic background updates are already beginning to update to WordPress 5.8.3.
WordPress 5.8.3 is a short-cycle security release, and the next major release is WordPress 5.9.
Jonathan Desrosiers and Evan Mullins led this release.