WordPress 5.9.2 was released March 10th, 2022. This update includes 1 bug fix as well as patches for one high-severity vulnerability and two medium-severity security issues.
Per Our Friends at Wordfence:
“The high-severity issue affects version 5.9.0 and 5.9.1 and allows contributor-level users and above to insert malicious JavaScript into WordPress posts.”
“The two medium-severity vulnerabilities impact WordPress versions earlier than 5.9.2 and potentially allow attackers to execute arbitrary JavaScript in a user’s session if they can trick that user into clicking a link, though there are no known practical exploits for these two vulnerabilities affecting WordPress.”
What Should You Do?
All versions of WordPress between 3.7 and 5.9 have had updates released for them to patch these issues.
All ESC! Technologies Group clients who subscribe to one of our WordPress Care Plans have already been updated to WordPress 5.9.2. There is nothing further you need to do.
If you manage your own site: WordPress is pushing updates to all sites that are set to receive automatic security and maintenance updates, but if your site has not been automatically updated yet, we recommend you back up your site & database and upgrade to WordPress 5.9.2 immediately.
Links – Further Reading
More information about this Security and Maintenance release can be found here: https://wordpress.org/news/2022/03/wordpress-5-9-2-security-maintenance-release/
Wordfence’s analysis of the vulnerability may be found here: https://www.wordfence.com/blog/2022/03/wordpress-5-9-2-security-update-fixes-xss-and-prototype-pollution-vulnerabilities/
Updating Your Site
If you’re not subscribed to one of ESC! Technologies Group’s WordPress Care Plans, then before upgrading you’ll want to be sure to:
1. Ensure compatibility with, and/or upgrade, all your third-party plugins
2. Ensure compatibility with your theme and framework and upgrade if necessary
3. Turn off any caching plugins you may have installed
4. Perform a full backup of your site and database
5. Upgrade
6. After the upgrade is complete, re-enable your caching plugins and test your site
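For sites managed from the command line, the six steps above can be scripted with WP-CLI. This is an added example, not part of the original post; it assumes WP-CLI is installed as `wp`, that the script is run from the WordPress root, and that `CACHE_PLUGINS` and `BACKUP_DIR` are site-specific values you supply.

```bash
#!/bin/sh
# Added example (not from the original post): the upgrade checklist via WP-CLI.
# Assumed: `wp` (WP-CLI) is on PATH, the script runs from the WordPress root,
# and CACHE_PLUGINS / BACKUP_DIR are site-specific values you supply.
TARGET="5.9.2"
CACHE_PLUGINS="${CACHE_PLUGINS:-}"             # space-separated plugin slugs
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"   # keep backups outside the web root

# Exit 0 if the version is one the post names for the high-severity issue.
# WordPress reports the 5.9.0 release as plain "5.9".
high_severity_affected() {
  case "$1" in
    5.9|5.9.0|5.9.1) return 0 ;;
    *) return 1 ;;
  esac
}

upgrade_site() {
  current="$(wp core version)" || return 1
  if [ "$current" = "$TARGET" ]; then
    echo "Already on $TARGET; nothing to do."
    return 0
  fi
  if high_severity_affected "$current"; then
    echo "Core $current is affected by the high-severity issue."
  fi
  stamp="$(date +%Y%m%d-%H%M%S)"
  mkdir -p "$BACKUP_DIR" || return 1

  # Steps 1-2: bring plugins and themes up to date first.
  wp plugin update --all || return 1
  wp theme update --all || return 1
  # Step 3: switch off caching plugins (word splitting is intended here).
  [ -z "$CACHE_PLUGINS" ] || wp plugin deactivate $CACHE_PLUGINS || return 1
  # Step 4: full backup of database and files; stop if either fails.
  wp db export "$BACKUP_DIR/db-$stamp.sql" || return 1
  tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" . || return 1
  # Step 5: upgrade core, then apply any pending database changes.
  wp core update --version="$TARGET" || return 1
  wp core update-db || return 1
  # Step 6: re-enable caching, then confirm the version and core file integrity.
  [ -z "$CACHE_PLUGINS" ] || wp plugin activate $CACHE_PLUGINS || return 1
  wp core verify-checksums || return 1
  [ "$(wp core version)" = "$TARGET" ]
}

# Run only when asked, so sourcing this file has no side effects.
if [ "${1:-}" = "--run" ]; then upgrade_site; fi
```

The function stops at the first failing step, so a failed backup never leads to a core upgrade; browser-level testing of the site after step 6 is still a manual check.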
If you have any questions, or would like to learn more about our WordPress care plans, please Contact Us.