Multiple Cross-Site Scripting (XSS) Vulnerability Discovered in WordPress < 5.4.1

WordPress Core version 5.4.1 has just been released. Since this release is marked as a combined security and bug fix update, we recommend updating as soon as possible. All in all this release contains 7 security fixes, 5 of which are XSS (Cross-Site Scripting) vulnerabilities. Vulnerabilities include

• Password reset tokens failed to be properly invalidated
• Certain private posts can be viewed by unauthenticated users
• Two XSS Issues in the Customizer
• An XSS issue in the Search Block
• An XSS issue in wp-object-cache
• An XSS issue in file uploads
• An authenticated XSS issue in the block editor