WordPress 6.4.3 – Maintenance and Security release
January 30, 2024
This security and maintenance release features 5 bug fixes on Core, 16 bug fixes for the Block Editor, and 2 security fixes. Because this is a security release, it is recommended that you update your sites immediately. Backports are also available for other major WordPress releases, 4.1 and later. You can download WordPress 6.4.3 from…
WordPress 6.4.2 Maintenance & Security Release
December 6, 2023
WordPress 6.4.2 is now available! This minor release features 7 bug fixes in Core. The fixes include a bug fix for an issue causing stylesheet and theme directories to sometimes return incorrect results. This release also features one security fix. Because this is a security release, it is recommended that you update your sites immediately.…
Alert: WordPress Security Team Impersonation Scams
December 4, 2023
The WordPress Security Team is aware of multiple ongoing phishing scams impersonating both the “WordPress team” and the “WordPress Security Team“ in an attempt to convince administrators to install a plugin on their website which contains malware. The WordPress Security Team will never email you requesting that you install a plugin or theme on your…
WordPress 6.3.2 – Maintenance and Security release
October 12, 2023
This security and maintenance release features 19 bug fixes on Core, 22 bug fixes for the Block Editor, and 8 security fixes. WordPress 6.3.2 is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. Because this is a security release, it is recommended…
WordPress 6.2.2 Security Release
May 20, 2023
WordPress 6.2.2 is now available!
WordPress 6.2.1 Maintenance & Security Release
May 16, 2023
WordPress 6.2.1 is now available! This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement. This release also features several security fixes. Because this is a security release, it is…
WordPress 6.0.3 Security Release
October 17, 2022
WordPress 6.0.3 is now available! This release features several security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 6.0.3 is a short-cycle release. The next major release will be version 6.1 planned for November 1, 2022. If…
Dropping security updates for WordPress versions 3.7 through 4.0
September 7, 2022
As of December 1, 2022 the WordPress Security Team will no longer provide security updates for WordPress versions 3.7 through 4.0. These versions of WordPress were first released eight or more years ago so the vast majority of WordPress installations run a more recent version of WordPress. The chances this will affect your site, or…
WordPress 6.0.2 Security and Maintenance Release
August 30, 2022
WordPress 6.0.2 is now available for download. This security and maintenance release features several updates since WordPress 6.0.1 in July 2022. You can review a summary of the key changes in this release by visiting https://make.wordpress.org/core/2022/08/23/wordpress-6-0-2-rc1-is-now-available/.
WordPress 5.9.2 Security and Maintenance Release
March 11, 2022
WordPress 5.9.2 is now available! This security and maintenance release features 1 bug fix in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.9.2 is a security and maintenance release. The next major release…
WordPress 5.8.3 Security Release
January 6, 2022
This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9, which is already in the Release Candidate stage. You…
WordPress 5.8.2 Security and Maintenance Release
November 10, 2021
WordPress 5.8.2 is now available! This security and maintenance release features 2 bug fixes in addition to 1 security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.2 have also been updated. WordPress 5.8.2 is a small focus security and maintenance release. The next…
WordPress 5.8.1 Security and Maintenance Release
September 9, 2021
WordPress 5.8.1 is now available! This security and maintenance release features 60 bug fixes in addition to 3 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 5.4 have also been updated. WordPress 5.8.1 is a short-cycle security and maintenance release. The next…
WordPress 5.7.2 Security Release
May 13, 2021
WordPress 5.7.2 is now available. This security release features one security fix. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.7.2 is a short-cycle security release. The next major release will be version 5.8. You can update to…
WordPress 5.7.1 Security and Maintenance Release
April 15, 2021
WordPress 5.7.1 is now available! This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated. WordPress 5.7.1 is a short-cycle security and maintenance release. The next…
WordPress 5.4.2 Security and Maintenance Release
June 10, 2020
WordPress 5.4.2 is now available! This security and maintenance release features 23 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.4.1 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions…
WordPress 5.4.1
April 29, 2020
WordPress 5.4.1 is now available! This security and maintenance release features 17 bug fixes in addition to 7 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated. WordPress 5.4.1 is a short-cycle security and maintenance release. The next…
WordPress 5.3.1 Security and Maintenance Release
December 13, 2019
WordPress 5.3.1 is now available! This security and maintenance release features 46 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. WordPress 5.3.1 is a short-cycle maintenance release. The next major release will be version 5.4. You can download WordPress 5.3.1 by clicking the button at the top of this page,…Read Post
WordPress 5.2.4 Update
November 19, 2019
Late-breaking news on the 5.2.4 short-cycle security release that landed October 14. When we released the news post, I inadvertently missed giving props to Simon Scannell of RIPS Technologies for finding and disclosing an issue where path traversal can lead to remote code execution. Simon has done a great deal of work on the WordPress…
WordPress 5.2.4 Security Release
October 14, 2019
WordPress 5.2.4 is now available! This security release fixes 6 security issues. WordPress versions 5.2.3 and earlier are affected by these bugs, which are fixed in version 5.2.4. Updated versions of WordPress 5.1 and earlier are also available for any users who have not yet updated to 5.2. Security Updates Props to Evan Ricafort for finding an…
WordPress 5.2.3 Security and Maintenance Release
September 5, 2019
WordPress 5.2.3 is now available! This security and maintenance release features 29 fixes and enhancements. Plus, it adds a number of security fixes—see the list below. These bugs affect WordPress versions 5.2.2 and earlier; version 5.2.3 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.2, there are also updated versions…
WordPress 5.1.1 Security and Maintenance Release
March 12, 2019
WordPress 5.1.1 is now available! This security and maintenance release introduces 14 fixes and enhancements, including changes designed to help hosts prepare users for the minimum PHP version bump coming in 5.2. This release also includes a pair of security fixes that handle how comments are filtered and then stored in the database. With a maliciously…
WordPress 5.0.1 Security Release
December 13, 2018
WordPress 5.0.1 is now available. This is a security release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. Plugin authors are encouraged to read the 5.0.1 developer notes for information on backwards-compatibility. WordPress versions 5.0 and earlier are affected by the following bugs, which are fixed in version…
WordPress 4.9.7 Security and Maintenance Release
July 5, 2018
WordPress 4.9.7 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.6 and earlier are affected by a media issue that could potentially allow a user with certain capabilities to attempt to delete files outside the uploads…
WordPress 4.9.5 Security and Maintenance Release
April 3, 2018
WordPress 4.9.5 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9.4 and earlier are affected by three security issues. As part of the core team’s ongoing commitment to security hardening, the following fixes have been implemented…
WordPress 4.9.2 Security and Maintenance Release
January 16, 2018WordPress 4.9.2 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. An XSS vulnerability was discovered in the Flash fallback files in MediaElement, a library that is included with WordPress. Because the Flash files are no longer needed for…
WordPress 4.9.1 Security and Maintenance Release
November 29, 2017
WordPress 4.9.1 is now available. This is a security and maintenance release for all versions since WordPress 3.7. We strongly encourage you to update your sites immediately. WordPress versions 4.9 and earlier are affected by four security issues which could potentially be exploited as part of a multi-vector attack. As part of the core team’s…
WordPress 4.8.3 Security Release
October 31, 2017
WordPress 4.8.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.2 and earlier are affected by an issue where $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to…
WordPress 4.8.2 Security and Maintenance Release
September 19, 2017
WordPress 4.8.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.8.1 and earlier are affected by these security issues: $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this…
WordPress 4.7.5 Security and Maintenance Release
May 16, 2017
WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC…
WordPress Now on HackerOne
May 15, 2017
WordPress has grown a lot over the last thirteen years – it now powers more than 28% of the top ten million sites on the web. During this growth, each team has worked hard to continually improve their tools and processes. Today, the WordPress Security Team is happy to announce that WordPress is now officially…
WordPress 4.7.3 Security and Maintenance Release
March 6, 2017
WordPress 4.7.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.2 and earlier are affected by six security issues: Cross-site scripting (XSS) via media file metadata. Reported by Chris Andrè Dale, Yorick Koster, and Simon P. Briggs. Control characters can trick redirect…
WordPress 4.7.2 Security Release
January 26, 2017
WordPress 4.7.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.1 and earlier are affected by three security issues: The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it.…
WordPress 4.7.1 Security and Maintenance Release
January 11, 2017
WordPress 4.7 has been downloaded over 10 million times since its release on December 6, 2016 and we are pleased to announce the immediate availability of WordPress 4.7.1. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7 and earlier are affected by eight security issues:…
WordPress 4.6.1 Security and Maintenance Release
September 7, 2016
WordPress 4.6.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.6 and earlier are affected by two security issues: a cross-site scripting vulnerability via image filename, reported by SumOfPwn researcher Cengiz Han Sahin; and a path traversal vulnerability in…
WordPress 4.5.3 Maintenance and Security Release
June 18, 2016
WordPress 4.5.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.2 and earlier are affected by several security issues: redirect bypass in the customizer, reported by Yassine Aboukir; two different XSS problems via attachment names, reported by Jouko Pynnönen and Divyesh Prajapati; revision history information disclosure, reported…
WordPress 4.5.2 Security Release
May 6, 2016
WordPress 4.5.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.5.1 and earlier are affected by a SOME vulnerability through Plupload, the third-party library WordPress uses for uploading files. WordPress versions 4.2 through 4.5.1 are vulnerable to reflected XSS…
WordPress 4.4.2 Security and Maintenance Release
February 2, 2016
WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs, reported by Ronni Skansing; and an open redirection attack, reported by Shailesh Suthar. Thank you…
WordPress 4.4.1 Security and Maintenance Release
January 6, 2016
WordPress 4.4.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4 and earlier are affected by a cross-site scripting vulnerability that could allow a site to be compromised. This was reported by Crtc4L. There were also several non-security bug fixes: Emoji…
WordPress 4.3.1 Security and Maintenance Release
September 15, 2015
WordPress 4.3.1 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses three issues, including two cross-site scripting vulnerabilities and a potential privilege escalation. WordPress versions 4.3 and earlier are vulnerable to a cross-site scripting vulnerability when processing shortcode tags (CVE-2015-5714). Reported by…
WordPress 4.2.4 Security and Maintenance Release
August 4, 2015
WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí…
WordPress 4.2.3 Security and Maintenance Release
July 23, 2015
WordPress 4.2.3 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and…
WordPress 4.2.2 Security and Maintenance Release
May 7, 2015
WordPress 4.2.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Version 4.2.2 addresses two security issues: The Genericons icon font package, which is used in a number of popular themes and plugins, contained an HTML file vulnerable to a cross-site…
WordPress 4.2.1 Security Release
April 27, 2015
WordPress 4.2.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. A few hours ago, the WordPress team was made aware of a cross-site scripting vulnerability, which could enable commenters to compromise a site. The vulnerability was discovered by Jouko Pynnönen.…
WordPress 4.1.2 Security Release
April 21, 2015
WordPress 4.1.2 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.1.1 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site. This was reported by Cedric Van Bockhaven and fixed by…
WordPress 4.0.1 Security Release
November 20, 2014
WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately. Sites that support automatic background updates will be updated to WordPress 4.0.1 within the next few hours. If you are still on WordPress 3.9.2, 3.8.4, or 3.7.4, you will be…
WordPress 3.9.2 Security Release
August 6, 2014
WordPress 3.9.2 is now available as a security release for all previous versions. We strongly encourage you to update your sites immediately. This release fixes a possible denial of service issue in PHP’s XML processing, reported by Nir Goldshlager of the Salesforce.com Product Security Team. It was fixed by Michael Adams and Andrew Nacin of the WordPress…
WordPress 3.8.2 Security Release
April 8, 2014
WordPress 3.8.2 is now available. This is an important security release for all previous versions and we strongly encourage you to update your sites immediately. This releases fixes a weakness that could let an attacker force their way into your site by forging authentication cookies. This was discovered and fixed by Jon Cave of the WordPress…
WordPress 3.7.1 Maintenance Release
October 29, 2013
WordPress 3.7.1 is now available! This maintenance release addresses 11 bugs in WordPress 3.7, including: Images with captions no longer appear broken in the visual editor. Allow some sites running on old or poorly configured servers to continue to check for updates from WordPress.org. Avoid fatal errors with certain plugins that were incorrectly calling some…
WordPress 3.6.1 Maintenance and Security Release
September 11, 2013
After nearly 7 million downloads of WordPress 3.6, we are pleased to announce the availability of version 3.6.1. This maintenance release fixes 13 bugs in version 3.6, which was a very smooth release. WordPress 3.6.1 is also a security release for all previous WordPress versions and we strongly encourage you to update your sites immediately.…
