WordPress 5.3.1 Released – Several Security Vulnerabilities Are Fixed – Update Now

WordPress 5.3.1 released with security and maintenance based updates with 46 fixes and enhancements.

There are 4 security vulnerabilities fixed in this update that affects WordPress versions 5.3 and earlier.

  • The first one is a privilege escalation vulnerability that allows an unprivileged user could make a post sticky via the REST API.
  • The second one is Props to the WordPress.org Security Team for hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute.
  • There are two Cross-site scripts (XSS) vulnerabilities are fixed in this release, one could be stored in well-crafted links and the other one, a stored XSS vulnerability using block editor content.

WordPress announced that the WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4.

There are several maintenance updates are released including the following:

  • Administration: improvements to admin form controls height and alignment standardization (see related dev note), dashboard widget links accessibility and alternate color scheme readability issues (see related dev note).
  • Block editor: fix Edge scrolling issues and intermittent JavaScript issues.
  • Bundled themes: add customizer option to show/hide author bio, replace JS based smooth scroll with CSS (see related dev note) and fix Instagram embed CSS.
  • Date/time: improve non-GMT dates calculation, fix date format output in specific languages and make get_permalink() more resilient against PHP timezone changes.
  • Embeds: remove CollegeHumor oEmbed provider as the service doesn’t exist anymore.
  • External libraries: update sodium_compat.
  • Site health: allow the remind interval for the admin email verification to be filtered.
  • Uploads: avoid thumbnails overwriting other uploads when filename matches, and exclude PNG images from scaling after upload.
  • Users: ensure administration email verification uses the user’s locale instead of the site locale.

How to Update – Wordpress 5.3.1

WordPress 5.3.1 contains 46 maintenance fixes. Updates are simple Dashboard >> Updates >> Update Now.

It is always a good idea to backup your WordPress before proceeding with the update, if there are any issues, you can restore your website.

You can also read WP Hardening – A Free WordPress Security Plugin to Perform Real-time Security Audit On Your WordPress Site

If you are new to WordPress, we recommend that you begin with the following:

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates

Balaji

BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Recent Posts

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

2 days ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

3 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

3 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

3 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

3 days ago

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…

3 days ago