WordPress 5.4.2 Security & Maintenance Release

Heads-up all WordPress users! WordPress 5.4.2 was just released earlier today. This latest version is a security and maintenance release that features twenty-three fixes and enhancements as well as some security fixes.

Versions affected by these bugs are WordPress 5.4.1 and earlier. In case you’re still running a version prior to 5.4, and prefer not to install 5.4+, there are updated versions of WordPress 5.3 that contains some of these bug fixes.
Below are some of the issues that are addressed/fixed in 5.4.2:

  • XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • open redirect issue in wp_validate_redirect().
  • authenticated XSS issue via theme uploads.
  • issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • issue where comments from password-protected posts and pages could be displayed under certain conditions.

For those who’d like to see or know the complete list of changes, you can browse them on WordPress Trac.

I normally wait a few days whenever a new version of WordPress gets released but when it’s a security & maintenance release, I do the upgrade ASAP.

If you have the time and opportunity to upgrade now, do it! Don’t procrastinate. There are two ways to do the upgrade: via Dashboard > Updates and click on Update Now; or doing it manually by downloading WordPress 5.4.2 and uploading it via FTP.

Don’t forget to create a backup before every upgrade. If you have a backup plugin, use it. If not, you can do it manually by downloading important files such as the wp-config.php, .htaccess, and wp-content folder. Another thing you can do to prevent any issues is to deactivate all active plugins during the upgrade.

Anyone else upgraded to WordPress 5.4.2 security & maintenance release? How do you do upgrade WordPress, automatically or manually?

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 

Leave a Reply

Your email address will not be published. Required fields are marked *