WordPress 6.0.3 was released today. We’re in the process of testing it and will be upgrading all of our maintenance clients’ sites over the next few days. This is a security update so we recommend that all site owners apply the update. If your site is mission-critical or you have any reservations about upgrading, either test it on a staging site or take a backup of your site before upgrading. If you need assistance or have questions, please don’t hesitate to reach out to us. The next significant release will be WordPress 6.1 which is expected on 11/1/22.
WordPress 6.0.3 Security Fixes:
The following vulnerabilities are among the fixes in WordPress 6.0.3:
- Stored XSS via wp-mail.php (post by email)
- Open redirect in `wp_nonce_ays`
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- CSRF in wp-trackback.php
- Stored XSS via the Customizer
- Revert shared user instances introduced in 50790
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in `WP_Date_Query`
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS
Should You Upgrade?
We typically recommend upgrading WordPress within a few days of an update’s release date. This is a security update so we recommend prioritizing the upgrade. We’ve already started rolling out the update to some of our maintenance clients’ sites, as well as our own.
Again, sites that require near 100% uptime or sites with old or abandoned plugins should consider testing the update on a staging server. The same is true for anyone who has concerns about a potential impact on their site. If you don’t have access to a staging server, we can help – just reach out to us for a complimentary consultation. We can recommend a solution that best suits your needs. Clients on our hosting plans have a staging server available for us to do the testing for them.