
WordPress 5.8.1 security release addresses clutch of vulnerabilities


James Walker

10 September 2021 at 13:23 UTC

Updated: 10 September 2021 at 17:00 UTC

Block editor XSS and REST API data exposure issues among now-patched bugs

WordPress 5.8.1 security release addresses trio of vulnerabilities

WordPress has rolled out an update to its core codebase that includes mitigations against a number of troublesome security flaws.

In addition to fixing 61 bugs, WordPress 5.8.1, released yesterday (September 9), addresses a data exposure vulnerability within the REST API, an interface that allows plugins and themes to interact with WordPress core.

It also fixes a cross-site scripting (XSS) vulnerability in the Gutenberg block editor. This was discovered by Polish hacker Michał Bentkowski, who said he reported the bug “a very long time ago” and would soon publish a write-up.


Upstream security fixes for a number of vulnerabilities in the Lodash JavaScript Library were also bundled into the WordPress release. These are rated from critical to high severity.

The update also includes 41 bug fixes on WordPress core, as well as 20 bug fixes for the block editor.

Core update

The open source web giant recommends that web admins update their sites to version 5.8.1 as soon as possible.

Version 5.8, the latest major WordPress release, was rolled out in July, extending the Site Health admin interface to make it easier for developers to include their own tabs and allow site administrators to navigate their way around the Site Health portal more easily.


It also added a number of new block editor features, support for the WebP image format, an ‘Update URI’ header for plugin developers, and changes to the REST API.

The next major release will be version 5.9, currently in alpha, with beta 1 set for November 16 and general release planned for December 14.

“The main goal for 2021 is getting full site editing to all WordPress users,” says executive director Josepha Haden Chomphosy.
