On October 29, 2020, WordPress 5.5.2 was released to the public.
To download WordPress 5.5.2, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://help.codibu.com/blog/kb/releases/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Ten security issues affect WordPress versions 5.5 and earlier; version 5.5.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.5, there are also updated versions of 5.4 and earlier that fix the security issues.
- Props to Alex Concha of the WordPress Security Team for their work in hardening deserialization requests.
- Props to David Binovec on a fix to disable spam embeds from disabled sites on a multisite network.
- Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS from global variables.
- Thanks to Justin Tran who reported an issue surrounding privilege escalation in XML-RPC. He also found and disclosed an issue around privilege escalation around post commenting via XML-RPC.
- Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
- Thanks to Karim El Ouerghemmi from RIPS who disclosed a method to store XSS in post slugs.
- Thanks to Slavco for reporting, and confirmation from Karim El Ouerghemmi, a method to bypass protected meta that could lead to arbitrary file deletion.
- And a special thanks to @zieladam who was integral in many of the releases and patches during this release.
WordPress 5.5.2 also fixes some regressions introduced in version 5.5:
- #51130 – Events displayed in venue timezone instead of user’s
- #51659 – Update Gutenberg Dependencies for WordPress 5.5.2
- #50861 – Remove Facebook and Instagram as an oEmbed Source
- #50903 – Set the local environment to a development environment type by default
- #50949 – Posts show wrong time when user is in a different time zone than the site’s
- #51053 – Video Embeds set to align left disappear in Gutenberg editor
- #51175 – Wrong reply box title
- #51219 – Theme editor page showing undefined variable notice
- #51251 – Fix PHP notice when opening the edit image popup
- #51263 – PHP warning when editing comments in the administration comment edit screen
- #51320 – PHP Notice while moving post to trash (post_type has 2 registered taxonomies both with default_term set)
- #51400 – Undefined index during automatic plugin/theme updates
- #51595 – Unable to make anonymous comments via XML-RPC
- #51645 – Undefined index: echo in core files
wp-admin/about.php wp-admin/admin-header.php wp-admin/comment.php wp-admin/includes/ajax-actions.php wp-admin/includes/class-custom-background.php wp-admin/includes/class-custom-image-header.php wp-admin/includes/class-wp-automatic-updater.php wp-admin/includes/class-wp-community-events.php wp-admin/includes/dashboard.php wp-admin/includes/media.php wp-admin/includes/ms.php wp-admin/includes/template.php wp-admin/js/custom-background.js wp-admin/js/custom-background.min.js wp-admin/js/dashboard.js wp-admin/js/dashboard.min.js wp-admin/js/media-gallery.js wp-admin/js/media-gallery.min.js wp-admin/media-new.php wp-admin/network/site-users.php wp-includes/Requests/Utility/FilteredIterator.php wp-includes/assets/script-loader-packages.php wp-includes/class-wp-oembed.php wp-includes/class-wp-xmlrpc-server.php wp-includes/comment-template.php wp-includes/css/dist/block-editor/style-rtl.css wp-includes/css/dist/block-editor/style-rtl.min.css wp-includes/css/dist/block-editor/style.css wp-includes/css/dist/block-editor/style.min.css wp-includes/css/dist/block-library/editor-rtl.css wp-includes/css/dist/block-library/editor-rtl.min.css wp-includes/css/dist/block-library/editor.css wp-includes/css/dist/block-library/editor.min.css wp-includes/css/dist/components/style-rtl.css wp-includes/css/dist/components/style-rtl.min.css wp-includes/css/dist/components/style.css wp-includes/css/dist/components/style.min.css wp-includes/embed.php wp-includes/functions.php wp-includes/general-template.php wp-includes/images/crystal/license.txt wp-includes/js/comment-reply.js wp-includes/js/comment-reply.min.js wp-includes/js/dist/block-editor.js wp-includes/js/dist/block-editor.min.js wp-includes/js/dist/block-library.js wp-includes/js/dist/block-library.min.js wp-includes/js/dist/blocks.js wp-includes/js/dist/blocks.min.js wp-includes/js/dist/components.js wp-includes/js/dist/components.min.js wp-includes/js/dist/editor.js wp-includes/js/dist/editor.min.js wp-includes/meta.php wp-includes/post.php wp-includes/script-loader.php wp-includes/version.php
@popperjs/core: 2.5.3 @wordpress/block-directory: 1.13.8 @wordpress/block-editor: 4.3.8 @wordpress/block-library: 2.22.8 @wordpress/blocks: 6.20.4 @wordpress/components: 10.0.7 @wordpress/core-data: 2.20.4 @wordpress/edit-post: 3.21.8 @wordpress/editor: 9.20.8 @wordpress/format-library: 1.22.8 @wordpress/icons: 2.4.1 @wordpress/interface: 0.7.7 @wordpress/list-reusable-blocks: 1.21.7 @wordpress/nux: 3.20.7 @wordpress/plugins: 2.20.4 @wordpress/server-side-render: 1.16.7 body-scroll-lock: 3.1.5 compute-scroll-into-view: 1.0.16 dotenv: 8.2.0 re-resizable: 6.7.0 react-easy-crop: 3.2.2 react-use-gesture: 7.0.16 simple-html-tokenizer: 0.5.10 tinycolor2: 1.4.2 ua-parser-js: 0.7.22 uc.micro: version: 1.0.6