Vulnerabilities discovered in WordPress 5.3

Several vulnerabilities have been discovered in WordPress distributions up to version 5.3.

Published January 9, 2020

We encourage our clients to update their WordPress installations to the latest, secure version

Several vulnerabilities have been discovered in WordPress distributions up to version 5.3.

The vulnerabilities discovered allow remote attackers being able to perform various Cross-Side Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks, create open redirects, poison cache, and bypass authorization access and input sanitation.

These vulnerabilities have been addressed and resolved in the latest WordPress version 5.3.1+.

Our team would like to kindly encourage our clients to update their WordPress installations to the latest, secure version to protect your website any of the mentioned attacks.

Additionally please consider reading our Basic WordPress security and site management guide for further recommendations to secure your WordPress website.

If you don’t update your WordPress version, and unfortunately your website is compromised by one of the above attacks, you may find this article helpful How to prevent a WordPress website from being hacked and what to do if it is.