Heads-up all WordPress users! WordPress 5.4.2 was just released earlier today. This latest version is a security and maintenance release that features twenty-three fixes and enhancements as well as some security fixes.

Versions affected by these bugs are WordPress 5.4.1 and earlier. In case you’re still running a version prior to 5.4, and prefer not to install 5.4+, there are updated versions of WordPress 5.3 that contains some of these bug fixes.
Below are some of the issues that are addressed/fixed in 5.4.2:

  • XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • open redirect issue in wp_validate_redirect().
  • authenticated XSS issue via theme uploads.
  • issue where set-screen-option can be misused by plugins leading to privilege escalation.
  • issue where comments from password-protected posts and pages could be displayed under certain conditions.

For those who’d like to see or know the complete list of changes, you can browse them on WordPress Trac.

I normally wait a few days whenever a new version of WordPress gets released but when it’s a security & maintenance release, I do the upgrade ASAP.

If you have the time and opportunity to upgrade now, do it! Don’t procrastinate. There are two ways to do the upgrade: via Dashboard > Updates and click on Update Now; or doing it manually by downloading WordPress 5.4.2 and uploading it via FTP.

Don’t forget to create a backup before every upgrade. If you have a backup plugin, use it. If not, you can do it manually by downloading important files such as the wp-config.php, .htaccess, and wp-content folder. Another thing you can do to prevent any issues is to deactivate all active plugins during the upgrade.

Anyone else upgraded to WordPress 5.4.2 security & maintenance release? How do you do upgrade WordPress, automatically or manually?

JaypeeOnline is supported by its audience. When you click on the advertisements or purchase through links on our site, we may earn an affiliate commission. Learn more



Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.