WordPress 5.4.1 was released on April 29 and features 17 bug fixes in addition to 7 security fixes. This update should be installed as soon as possible to fix the open vulnerabilities.
All WordPress versions since 3.7 have an update available to fix the vulnerabilities.
Security Fixes
The following vulnerabilities have been found:
- Password reset tokens were not properly invalidated
- Certain private posts can be viewed unauthenticated
- XSS issue in the Customizer
- An issue in the search block
- XSS in wp-object-cache
- XSS in file uploads
- XSS vulnerability in the WordPress customizer
- Authenticated XSS issue in the block editor
More information about this update can be found on wordpress.org.
Remember to create a backup before installing updates.
