Multiple Cross-Site Scripting (XSS) Vulnerability Discovered in WordPress < 5.4.1
https://www.wordfence.comWordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. All in all this release contains 7 security fixes, 5 of which are XSS (Cross-Site Scripting) vulnerabilities. Vulnerabilities include
- Password reset tokens failed to be properly invalidated
- Certain private posts can be viewed by unauthenticated users
- Two XSS Issues in the Customizer
- An XSS issue in the Search Block
- An XSS issue in wp-object-cache
- An XSS issue in file uploads
- An authenticated XSS issue in the block editor