WordPress 6.2.1 was released today. Those with automatic background updates enabled should see a notice in their email, as updates rolled out earlier today.

This is a maintenance and security release that includes important fixes for five security vulnerabilities outlined by core contributor and release co-lead Jb Audras:

  • Block themes parsing shortcodes in user generated data
  • A CSRF issue updating attachment thumbnails
  • A flaw allowing XSS via open embed auto discovery
  • Bypassing of KSES sanitization in block attributes for low privileged users
  • A path traversal issue via translation files

The patches were backported to WordPress 4.1.

Now that these vulnerabilities are public, it’s recommended that users update immediately.

WordPress 6.2.1 also includes 20 core bug fixes and 10 fixes for the block editor, all detailed with ticket numbers in the release candidate post.

Incase You need a wordpress designer in Uganda, Host256 will be glad to offer its services to you as we have been in the field for over 5 years and hence can deliver high quality works.

Call or whatsapp +256782195634 to contact us