WordPress 5.7.1 was released today. This important update includes 26 bug fixes as well as patches for two security issues: an XXE vulnerability within the media library affecting PHP 8 and a data exposure vulnerability within the REST API.
Versions of WordPress between 4.7 and 5.7 are affected by these flaws and all versions since WordPress 4.7 have had updates released for them. WordPress is pushing updates to all sites that are set to receive automatic security and maintenance updates, but if your site has not been automatically updated yet, we recommend you back up your site & database and upgrade to WordPress ver. 5.7.1 immediately.
NOTE! All ESC! Technologies Group clients who subscribe to one of our WordPress Care Plans have already been updated to WordPress 5.7.1. There is nothing further you need to do.
More information about this Security and Maintenance release can be found here: https://wordpress.org/news/2021/04/wordpress-5-7-1-security-and-maintenance-release/
Updating Your Site
If you’re not subscribed to one of ESC! Technologies Group’s WordPress Care Plans, then before upgrading you’ll want to be sure to:
1. Ensure compatibility with and/or Upgrade all your third party plugins
2. Ensure compatibility with your theme and framework and upgrade if necessary
3. Turn off any caching plugins you may have installed
4. Perform a full backup of your site and database
6. After the upgrade is complete, re-enable your caching plugins and test your site