WordPress 5.8.1 is now live and fighting website vulnerabilities

WordPress has unveiled a security and maintenance release to fix three security issues affecting versions 5.4 through 5.8 of its platform.

Resolved issues include a data exposure vulnerability in the REST API, an XSS vulnerability in the Gutenberg Block Editor, and several critical vulnerabilities in the Lodash JavaScript library.

WordPress 5.8.1 is live and available to the public, and all versions since 5.4 have also been updated to address the mentioned vulnerabilities.

Another WordPress update

Overall, the first version of WordPress 5.8.1 offers 41 bug fixes for Core, as well as 20 bug fixes for the block editor.

The post was led by WordPress staff Jonathan Desrosiers and Evan Mullins, who in a blog post thanked everyone who reported the vulnerabilities during the WordPress 5.8 beta testing period. These alerts gave the company’s security team time to resolve the issues before WordPress sites could be attacked.

Security issues explained

A REST API is an application programming interface (API or Web API) that conforms to the constraints of the REST architectural style and allows interaction with RESTful web services.

Cross-Site Scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise interactions that users have with a vulnerable application.

The Lodash library has been updated to version 4.17.21 in each branch to incorporate upstream security fixes.

These patched security vulnerabilities are an important part of updating WordPress as they are complete outside of the scope of routine maintenance updates that typically occur.

Comments are closed.