Heads-up all WordPress users! WordPress 5.4.2 was just released earlier today. This latest version is a security and maintenance release that features twenty-three fixes and enhancements as well as some security fixes.
Versions affected by these bugs are WordPress 5.4.1 and earlier. In case you’re still running a version prior to 5.4, and prefer not to install 5.4+, there are updated versions of WordPress 5.3 that contain some of these bug fixes.
Below are some of the issues that are addressed/fixed in 5.4.2:
- XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- open redirect issue in wp_validate_redirect().
- authenticated XSS issue via theme uploads.
- issue where set-screen-option can be misused by plugins leading to privilege escalation.
- issue where comments from password-protected posts and pages could be displayed under certain conditions.
For those who’d like to see or know the complete list of changes, you can browse them on WordPress Trac.
I normally wait a few days whenever a new version of WordPress gets released but when it’s a security & maintenance release, I do the upgrade ASAP.
If you have the time and opportunity to upgrade now, do it! Don’t procrastinate. There are two ways to do the upgrade: go to Dashboard > Updates and click on Update Now, or do it manually by downloading WordPress 5.4.2 and uploading it via FTP.
Don’t forget to create a backup before every upgrade. If you have a backup plugin, use it. If not, you can do it manually by downloading important files such as wp-config.php, .htaccess, and the wp-content folder. Another thing you can do to prevent any issues is to deactivate all active plugins during the upgrade.
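The manual backup described above, combined with a version check against 5.4.2, as an added example (not code from this post or from WordPress). It assumes the standard wp-includes/version.php file with a `$wp_version = '...';` line; the function names and the backup directory argument are the example's own.

```shell
#!/bin/sh
# Added example: pre-upgrade check and backup for a WordPress install.
# Assumes wp-includes/version.php holds a line like: $wp_version = '5.4.1';
FIXED_VERSION="5.4.2"   # security release named in the post

# Print the version recorded in <root>/wp-includes/version.php.
wp_installed_version() {
    sed -n "s/^[$]wp_version *= *'\([^']*\)';.*/\1/p" \
        "$1/wp-includes/version.php" | head -n 1
}

# Return 0 if dotted version $1 is older than $2 (numeric, per component).
version_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; x=${x%%[!0-9]*}; x=${x:-0}
        y=${b%%.*}; y=${y%%[!0-9]*}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# Archive wp-config.php, .htaccess and wp-content; print the archive path.
# wp-config.php holds database credentials, so the archive must stay out of
# the web root and is made readable by its owner only.
backup_wp() {
    root=$(cd "$1" && pwd -P) || return 1
    dest=$(cd "$2" && pwd -P) || return 1
    case "$dest/" in
        "$root"/*) echo "backup dir is inside the web root" >&2; return 1 ;;
    esac
    out="$dest/wp-backup-$(date +%Y%m%d-%H%M%S).tar.gz"
    set -- wp-config.php wp-content
    if [ -f "$root/.htaccess" ]; then set -- "$@" .htaccess; fi
    (umask 077 && tar -czf "$out" -C "$root" "$@") && printf '%s\n' "$out"
}

# Back up only when the install predates FIXED_VERSION.
pre_upgrade() {
    v=$(wp_installed_version "$1")
    [ -n "$v" ] || { echo "cannot read WordPress version" >&2; return 2; }
    if version_lt "$v" "$FIXED_VERSION"; then backup_wp "$1" "$2"
    else echo "WordPress $v is not older than $FIXED_VERSION" >&2; fi
}

if [ "$#" -eq 2 ]; then pre_upgrade "$1" "$2"; fi
```

Run it with the WordPress directory and a backup directory outside the web root as the two arguments. The comparison is against 5.4.2 only, so the patched 5.3 releases mentioned above are still reported as older.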
Has anyone else upgraded to the WordPress 5.4.2 security & maintenance release? How do you upgrade WordPress, automatically or manually?