- The WordPress team announced the general availability of WordPress 6.0.3, which comes with various security updates.
- WordPress 6.0.3 is a short-cycle security release. The next major release will be WordPress 6.1, which will be released on November 1.
- Since WordPress 6.0.3 is a security update, users are urged to install the latest version as soon as possible.
The WordPress team announced the release of WordPress 6.0.3, featuring multiple security fixes. Since it is a security release, users are advised to install the update as soon as possible. All versions since WordPress 3.7 have also been updated. WordPress 6.0.3 is a short-cycle release and the next major release, WordPress 6.1, is expected to be released on the 1st of November.
Security release
Websites with automatic background updates enabled will receive the new version automatically. Admins can also click “Updates” and then “Update Now” on the WordPress Dashboard, or download WordPress 6.0.3 from the official website. The security updates included in the release are:
- Stored XSS via wp-mail.php
- Open redirect in `wp_nonce_ays`
- Sender’s email address is exposed in wp-mail.php
- Media Library – Reflected XSS via SQLi
- CSRF in wp-trackback.php
- Stored XSS via the Customizer
- Revert shared user instances
- Stored XSS in WordPress Core via Comment Editing
- Data exposure via the REST Terms/Tags Endpoint
- Content from multipart emails leaked
- SQL Injection due to improper sanitization in `WP_Date_Query`
- RSS Widget: Stored XSS issue
- Stored XSS in the search block
- Feature Image Block: XSS issue
- RSS Block: Stored XSS issue
- Fix widget block XSS