WordPress 5.4.2 Security & Maintenance Release

Heads-up all WordPress users! WordPress 5.4.2 was just released earlier today. This latest version is a security and maintenance release that features twenty-three fixes and enhancements as well as some security fixes.

Versions affected by these bugs are WordPress 5.4.1 and earlier. In case you’re still running a version prior to 5.4, and prefer not to install 5.4+, there are updated versions of WordPress 5.3 that contains some of these bug fixes.
Below are some of the issues that are addressed/fixed in 5.4.2:

  • XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • open redirect issue in wp_validate_redirect().
  • authenticated XSS issue via theme uploads.
  • issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • issue where comments from password-protected posts and pages could be displayed under certain conditions.

For those who’d like to see or know the complete list of changes, you can browse them on WordPress Trac.

I normally wait a few days whenever a new version of WordPress gets released but when it’s a security & maintenance release, I do the upgrade ASAP.

If you have the time and opportunity to upgrade now, do it! Don’t procrastinate. There are two ways to do the upgrade: via Dashboard > Updates and click on Update Now; or doing it manually by downloading WordPress 5.4.2 and uploading it via FTP.

Don’t forget to create a backup before every upgrade. If you have a backup plugin, use it. If not, you can do it manually by downloading important files such as the wp-config.php, .htaccess, and wp-content folder. Another thing you can do to prevent any issues is to deactivate all active plugins during the upgrade.

Anyone else upgraded to WordPress 5.4.2 security & maintenance release? How do you do upgrade WordPress, automatically or manually?

JP Habaradas

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.
View All Articles

Leave a Reply

Your email address will not be published.