WordPress 5.8.3 Security Release

WordPress 5.8.3 is a security update that addresses some recently discovered vulnerabilities as shown below.

  • Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
  • Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
  • Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
  • Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).

All of my hosted clients have already been upgraded, and many other managed WordPress hosts have also already pushed out the security update to their clients.