Today, October 17, 2022, WordPress released version 6.0.3! This is an important release because it fixes several vulnerabilities. It introduces no new features or major functionality, but because it improves security it should be applied if you run a WordPress website.
Remember to take a backup of the site first! Safety first!
Once you have a backup, you can apply the update.
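As an added example (not part of the original post), here is the backup-then-update sequence from above as a small WP-CLI script. It assumes WP-CLI (`wp`) is installed, that the site's path is given in the `WP_SITE_PATH` environment variable, and that the backup directory name is yours to choose; those names, and the `version_lt`, `backup_site` and `update_core` helper functions, are this example's own, not anything WordPress ships.

```shell
#!/bin/sh
# Added example, not from the original post: back up a WordPress site, then
# apply the 6.0.3 core update with WP-CLI and verify the core files afterwards.
# Assumptions (hypothetical names): WP-CLI "wp" is on PATH, the site lives at
# $WP_SITE_PATH, and backups go to $BACKUP_DIR (default ~/wp-backups).
set -e

TARGET_VERSION="6.0.3"

# version_lt A B: return 0 (true) when dotted numeric version A is lower than B.
# Pure shell, so the "do we need to update?" decision can be checked offline.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        pa="${a%%.*}"; pb="${b%%.*}"
        pa="${pa:-0}"; pb="${pb:-0}"
        [ "$pa" -lt "$pb" ] && return 0
        [ "$pa" -gt "$pb" ] && return 1
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1
}

# backup_site SITE DEST: dump the database and archive the files before
# touching anything, so a failed update can be rolled back.
backup_site() {
    site="$1"; dest="$2"
    stamp="$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$dest"
    wp --path="$site" db export "$dest/db-$stamp.sql"
    tar -czf "$dest/files-$stamp.tar.gz" -C "$site" .
    echo "backup written to $dest (db-$stamp.sql, files-$stamp.tar.gz)"
}

# update_core SITE: move to TARGET_VERSION only if the site is older, run the
# database upgrade, then compare core files against the official checksums.
update_core() {
    site="$1"
    current="$(wp --path="$site" core version)"
    if version_lt "$current" "$TARGET_VERSION"; then
        wp --path="$site" core update --version="$TARGET_VERSION"
        wp --path="$site" core update-db
    else
        echo "already at $current, no core update needed"
    fi
    wp --path="$site" core verify-checksums
}

# Only run against a real site when WP_SITE_PATH is set; otherwise the helpers
# are merely defined, which keeps the script safe to source or test.
if [ -n "${WP_SITE_PATH:-}" ]; then
    backup_site "$WP_SITE_PATH" "${BACKUP_DIR:-$HOME/wp-backups}"
    update_core "$WP_SITE_PATH"
fi
```

Run it as `WP_SITE_PATH=/var/www/example sh update-wp.sh` (path is a placeholder). The checksum verification at the end is the useful post-update check: it reports any core file that does not match WordPress's published hashes for the installed version, which catches both an incomplete update and a modified core file.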
Security updates included in this release
The list of fixes is a little technical, but it includes:
- Stored XSS via wp-mail.php (post by email)
- Open redirect in “wp_nonce_ays”
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- CSRF in wp-trackback.php
- Stored XSS via the Customizer
- Revert shared user instances introduced in 50790
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in “WP_Date_Query”
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS
You can read the official WordPress announcement of version 6.0.3.
Doug says
Hi Paul,
It looks like these minor updates are happening automagically on my site.
So far so good.
Paul says
Depending on what your settings are for the updates on your website, yes – they could be happening automagically!
vidya says
Thank you for this reminder!! I need to make a few updates for my blog, including this one~
Paul says
You are welcome!