WordPress has issued a critical security update, version 6.5.5, to address severe vulnerabilities that threaten the security of millions of websites. This release also includes three core bug fixes and is highly recommended for immediate installation.
Major Security Patches
The WordPress 6.5.5 update resolves three major security flaws:
- XSS Vulnerability in HTML API: Discovered by Dennis Snell, Alex Concha, and Greg Ziółkowski, this vulnerability allows attackers to inject harmful scripts into web pages viewed by others.
- XSS Vulnerability in Template Part Block: Identified by Rafie Muhammad of Patchstack during a third-party security audit, this issue could let attackers execute arbitrary scripts in user sessions.
- Path Traversal Issue on Windows Servers: Reported by multiple researchers including Rafie M, Edouard L, David Fifield, x89, apple502j, and mishre, this flaw could permit unauthorized access to restricted server directories and files, risking data breaches.
🔒WordPress 6.5.5, released June 24, 2023, fixes XSS and Directory Traversal vulnerabilities. Ensure your site has auto-updated; if not, update manually ASAP. #WordPressSecurity #WordPress🔒 https://t.co/tGaFpaNYzP
— Wordfence (@wordfence) June 25, 2024
How to Update
To ensure your WordPress site is protected, follow these steps to update to version 6.5.5:
- Download from WordPress.org: Access the latest version directly from the official website.
- Update via WordPress Dashboard: Go to the Dashboard, click on “Updates,” and select “Update Now.”
- Automatic Updates: For sites with automatic updates enabled, the process will initiate on its own.
⚠️ATTENTION #WordPress users!
WordPress 6.5.5 was released, with #security fixeshttps://t.co/noUVSha6Zq
If you haven’t updated already, make sure to do so as soon as possible.
— Ethernet Servers (@EthernetServers) June 26, 2024
Why Immediate Update is Essential
It’s crucial for WordPress site administrators to update their installations right away to prevent exposure to potential attacks. Postponing updates can lead to data loss, unauthorized access, and other severe security breaches.
The 6.5.5 update is part of a short-cycle release, with the next major release, version 6.6, slated for July 16, 2024. This future release will introduce significant enhancements and new features to improve the platform’s functionality and user experience.
Keeping your WordPress site updated is vital for security and performance.
Start Growing with Cloudways Today.
Our Clients Love us because we never compromise on these
Abdul Rehman
Abdul is a tech-savvy, coffee-fueled, and creatively driven marketer who loves keeping up with the latest software updates and tech gadgets. He's also a skilled technical writer who can explain complex concepts simply for a broad audience. Abdul enjoys sharing his knowledge of the Cloud industry through user manuals, documentation, and blog posts.
