UPDATE: The WordPress team released a newer version, the WordPress 5.5.3 Maintenance Release, to address and fix an issue introduced in version 5.5.2 that makes it impossible to install WordPress on a new site that isn’t configured to connect to a database.
I didn’t realize that a new version of WordPress was released today. I only found out that WordPress 5.5.2 is now available after I received this email from my hosting provider, Cloudways:
Security Issues Fixed by WordPress 5.5.2
WordPress 5.5.2 includes 10 security fixes and an additional 14 bug fixes. As stated by the WordPress blog, version 5.5.2 is a short-cycle security and maintenance release, meaning the next major release will be version 5.6. Also, all versions since 3.7 are automatically updated to fix the following security issues:
- Hardening deserialization requests
- Disable spam embeds from disabled sites on a multisite network
- Issue that could lead to XSS from global variables
- Issue surrounding privilege escalation in XML-RPC
- Issue around privilege escalation around post commenting via XML-RPC
- Method where a DoS attack could lead to RCE
- Method to store XSS in post slugs
- Method to bypass protected meta that could lead to arbitrary file deletion
- Method that could lead to CSRF
Kudos to the WordPress Security team for working on this release as well as the different individuals, organizations, and companies who have reported the various bugs and security issues.
I usually hold off on upgrading to a new release unless it’s a maintenance and security release like this one. If your blog is set up to support automatic background updates or if your hosting provider does the upgrades for you, then you have nothing to worry about.
If you don’t have automatic updates enabled for your WordPress-powered blog or website, please make sure that you upgrade as soon as possible. You don’t want to delay and wait for something to happen to your site before doing it. As the popular quotation says, “Prevention is better than cure.”
Has anyone else upgraded to WordPress 5.5.2? Do you have automatic background updates enabled, or do you update manually? Please share your thoughts by leaving a comment below.