WordPress has a new Security and Maintenance Release so please update your websites as soon as possible if they haven’t updated automatically yet. This release includes 14 fixes, it’s a short-cycle maintenance release, so according to WordPress team, there will be another update in the matter of several weeks.
What’s fixed? Well, there were several critical security issues one of them related to comments (filtering and storing them in the database) which allowed to execute Cross-Site Scripting (XSS) attack by the maliciously crafted comment. This WordPress vulnerability discovered by Simon Scannell from RIPS Technologies. All latest versions like 5.1 and earlier releases are affected so once again – please update now!
I need to mention that this Security and Maintenance update includes some changes designed to help hosts prepare users for the minimum PHP version bump coming in WordPress 5.2 version. Till now the minimum PHP version was 5.5, but it will rise to 5.6 with WordPress 5.2 version release. I don’t know why it is decided to increase the minimum version of PHP to 5.6 instead of immediately up to version 7.x since it is more secure and way faster. However, I’m glad that WordPress and most of its popular plugins and themes already have PHP 7.x support.
WordPress 5.1.1 fixes mentioned on Trac
- Add possibility to set a higher recommended PHP version for the “Update PHP notice”
- Provide a way for hosts to create a correctly labeled button or link to directly upgrade PHP
- Remove trailing space from strings
- Build: Minify images
- Return type/value of get_site is not being checked in wp_insert_site
- 5.1 About page invalid HTML
- Custom HTML Issues
- Properly re-fill the
`$meta`param of deprecated
- Drop background on #menu-management on Admin Menus screen
I have a short reminder. WordPress pushes their Security and Maintenance releases through automatic updates (if they are not disabled). However, this is not valid for plugins and themes, and you need to update them manually. Take advantage of the ThreatPress Security plugin for WordPress, get up-to-date information on vulnerabilities in WordPress plugins, themes and even in WP core. Respond timely to security threats.