WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities

Sarah Gooding

May 16

WordPress 6.2.1 was released today. Those with automatic background updates enabled should see a notice in their email, as updates rolled out earlier today.

This is a maintenance and security release that includes important fixes for five security vulnerabilities outlined by core contributor and release co-lead Jb Audras:

Block themes parsing shortcodes in user generated data
A CSRF issue updating attachment thumbnails
A flaw allowing XSS via open embed auto discovery
Bypassing of KSES sanitization in block attributes for low privileged users
A path traversal issue via translation files

The patches were backported to WordPress 4.1. Now that these vulnerabilities are public, it’s recommended that users update immediately.

WordPress 6.2.1 also includes 20 core bug fixes and 10 fixes for the block editor, all detailed with ticket numbers in the release candidate post.

Comment

Unsubscribe to no longer receive posts from WP Tavern.
Change your email settings at manage subscriptions.

Trouble clicking? Copy and paste this URL into your browser:
https://wptavern.com/wordpress-6-2-1-released-with-fixes-for-5-security-vulnerabilities

Get the Jetpack app to use Reader anywhere, anytime

Follow your favorite sites, save posts to read later, and get real-time notifications for likes and comments.

Learn how to build your website with our video tutorials on YouTube.

Automattic, Inc. – 60 29th St. #343, San Francisco, CA 94110

Visits:190

Today: 1

Total: 3288463

Chat read-only to anonymous users. Chat with Anyone and Anywhere. Only registered users are allowed to send messages.

Loading the chat ...

93297 Register Login

WordPress 6.2.1 Released with Fixes for 5 Security Vulnerabilities

Leave a Reply Cancel reply