Heads-up to all WordPress users! Upgrade your WordPress installation ASAP! In case you missed it, WordPress 5.8.3 Security Release was made available earlier today by the security team.
Just like with previous security & maintenance releases or security releases, it is strongly recommended that all users should immediately upgrade their WordPress-powered sites to the latest version. This specific release, WordPress 5.8.3 contains four security fixes and is a short-cycle security release, meaning the next major release will be version 5.9.
From the official WordPress blog:
Four security issues affect WordPress versions between 3.7 and 5.8. If you have not yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except where noted otherwise):
Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.
Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.
Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.
Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).
For those of you who already set up automatic background updates for your WordPress installation, then you do not have to do anything. Your site will be automatically upgraded to the latest version. For those who have not enabled automatic background updates or not familiar with this feature, you can do so by logging in to your WordPress Dashboard> Updates and then click Update Now.
Again, kudos to the hardworking WordPress security team for addressing the issues and releasing WordPress 5.8.3.
Have you already upgraded your WordPress site to WordPress 5.8.3? If not, what are you waiting for? Do it now!