10 September 2021 at 13:23 UTC
Up to date: 10 September 2021 at 17:00 UTC
Block editor XSS and REST API knowledge publicity points amongst now-patched bugs
WordPress has rolled out an replace to its core codebase that features mitigations in opposition to a number of troublesome safety flaws
In addition to fixing 61 bugs, WordPress 5.8.1, launched yesterday (September 9), addresses a knowledge publicity vulnerability inside the REST API, an interface that enables plugins and themes to work together with WordPress core.
It additionally fixes a cross-site scripting (XSS) vulnerability within the Gutenberg block editor. This was found by Polish hacker Michał Bentkowski, who said he reported the bug “a very long time in the past” and would quickly publish a write-up.
The replace additionally contains 41 bug fixes on WordPress core, in addition to 20 bug fixes for the block editor.
The open source net big recommends that net admins replace their websites to model 5.8.1 as quickly as attainable.
Model 5.8, the most recent main WordPress launch, was rolled out in July, extending the Website Well being admin interface to make it simpler for builders to incorporate their very own tabs and permit web site directors to navigate their method across the Website Well being portal extra simply.
It additionally added a number of new block editor options, help for the WebP picture format, an ‘Replace URI’ header for plugin builders, and modifications to the REST API.
The subsequent main launch will likely be model 5.9, presently in alpha, with beta 1 set for November 16 and basic launch deliberate for December 14.
“The principle purpose for 2021 is getting full web site enhancing to all WordPress customers,” says government director Josepha Haden Chomphosy.