Skip to content

Version 5.9.10

Compare
Choose a tag to compare
@wordpress-packager wordpress-packager released this 24 Jun 19:45
· 3 commits to main since this release
41ff6e2

Sourced from WordPress.org Documentation.

Summary

Security updates

This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team and Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
  • A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
  • A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.