WordPress 5.5.2 Security and Maintenance Release

By Write a Comment on WordPress 5.5.2 Security and Maintenance Release2 min read

UPDATE: The WordPress team released a newer version, WordPress 5.5.3 Maintenance Release to address and fix an issue introduced in version 5.5.2 which makes it impossible to install WordPress on a new site that isn’t configured to connect to a database.

I didn’t realize that there was a new version of WordPress that got released today. The only reason I found out that WordPress 5.5.2 is now available was after I received this email from my hosting provider Cloudways:

WordPress 5.5.2 Email Notification

Related Posts
WordPress 6.5 Regina
WordPress 6.5 “Regina” Now Available
WordPress 6.3.2 – Maintenance & Security Release
WordPress 6.1 "Misha"
WordPress 6.1 “Misha” Now Available
WordPress Logo
WordPress 6.0.3 Security Release
WordPress Logo
WordPress 6.0.2 Security and Maintenance Release
WordPress Threaded Comments Not Working
WordPress Threaded Comments Not Working
Elementor Critical Vulnerability
ALERT: Elementor Plugin Critical Remote Code Execution Vulnerability
WordPress Logo
WordPress 5.9.2 Security & Maintenance Release
WordPress Logo
WordPress 5.8.3 Security Release
WordCamp Taiwan 2021
I’m Attending WordCamp Taiwan 2021

Security Issues Fixed by WordPress 5.5.2

WordPress 5.5.2 includes 10 security fixes and an additional 14 different bug fixes. As stated by the WordPress blog, this version 5.5.2 is a short-cycle security and maintenance meaning the next major release will be version 5.6. Also, all versions since 3.7 are automatically updated to fix the following security issues:

  • Hardening deserialization requests
  • Disable spam embeds from disabled sites on a multisite network
  • Issue that could lead to XSS from global variables
  • Issue surrounding privilege escalation in XML-RPC
  • Issue around privilege escalation around post commenting via XML-RPC
  • Method where a DoS attack could lead to RCE
  • Method to store XSS in post slugs
  • Method to bypass protected meta that could lead to arbitrary file deletion
  • Method that could lead to CSRF

Kudos to the WordPress Security team for working on this release as well as the different individuals, organizations, and companies who have reported the various bugs and security issues.

I usually hold out upgrading to a new release unless it’s a maintenance and security release like this one. If your blog is set up to support automatic background updates or if your hosting provider does the upgrades for you, then you have nothing to worry about.

If you don’t have automatic updates enabled for your WordPress-powered blog or website, please make sure that you upgrade as soon as possible. You don’t want to delay and wait for something to happen to your site before doing it. Like the popular quotation says “Prevention is better than cure“.

Anyone else upgraded to WordPress 5.5.2? Do you have automatic background update enabled or do you do it manually? Please share your thoughts by leaving a comment below.

This post may contain affiliate links that allow us to earn commissions at no additional cost to you. We are reader-supported so when you buy through the affiliate links, you are also helping or supporting us. 

Tagged In

JP Habaradas

Owner and editor of JaypeeOnline. Self-proclaimed geek. New media writer and consultant. WordPress advocate. Loves blogging, gadgets, video games and sports. You can follow him on Facebook or Twitter.
View All Articles

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

JaypeeOnline

This website uses cookies to ensure you get the best experience on our website. Learn more