WordPress has unveiled a security and maintenance release to fix three security issues affecting versions 5.4 to 5.8 of its platform.
The fixed issues include a data exposure vulnerability within the REST API, an XSS vulnerability in the Gutenberg block editor and multiple critical vulnerabilities in the Lodash JavaScript Library.
WordPress 5.8.1 is live and available to the public, and all versions since 5.4 have also been updated to fix the mentioned vulnerabilities.
- We've built a list of the best website builders available
- These are the best WordPress plugins on the market
- Also, check out our list of the best managed WordPress hosting
Another WordPress update
Overall, WordPress 5.8.1 release candidate one features 41 bug fixes on Core, as well as 20 bug fixes for the Block Editor.
The release was led by WordPress staff, Jonathan Desrosiers and Evan Mullins, who in a blog post thanked all those for reporting the vulnerabilities during the WordPress 5.8 beta testing period. These alerts gave the company's security team time to fix the issues before any WordPress sites could be attacked.
Security issues explained
A REST API is an application programming interface (API or web API) that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services.
Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application.
The Lodash library was updated to version 4.17.21 in each branch to incorporate upstream security fixes.
These security vulnerabilities that were fixed is an important part of the WordPress update as it is complete outside the remit of the common maintenance updates that usually occurs.
- Here is a list of the best WordPress themes for blogs
