WordPress 5.5.2 Security Update
WordPress 5.5.2 was released on October 29 as an security update which fixes ten vulnerabilities and improves the overall security.
Security Fixes
- Hardening deserialization requests.
- Fix to disable spam embeds from disabled sites on a multisite network.
- XSS from global variables.
- Privilege escalation in post commenting via XML-RPC.
- DoS attack could lead to RCE.
- XSS in post slugs.
- Bypass protected meta that could lead to arbitrary file deletion.
- Closed a vulnerability which could lead to CSRF.
WordPress 5.5.3 Fix Update
On October 30 WordPress released a new update that contains a fix for an issue where on a brand new website without a database connection configured, WordPress couldn’t be installed.
This release does not affect sites where a database connection is already configured.
Remember to create a backup before installing udpates.
