Skip to main content

WordPress 5.8.1 is now live and taking the fight to website vulnerabilities

WordPress logo
(Image credit: Pixabay)

WordPress has unveiled a security and maintenance release to fix three security issues affecting versions 5.4 to 5.8 of its platform.

The fixed issues include a data exposure vulnerability within the REST API, an XSS vulnerability in the Gutenberg block editor and multiple critical vulnerabilities in the Lodash JavaScript Library.

WordPress 5.8.1 is live and available to the public, and all versions since 5.4 have also been updated to fix the mentioned vulnerabilities.

Another WordPress update

Overall, WordPress 5.8.1 release candidate one features 41 bug fixes on Core, as well as 20 bug fixes for the Block Editor. 

The release was led by WordPress staff, Jonathan Desrosiers and Evan Mullins, who in a blog post thanked all those for reporting the vulnerabilities during the WordPress 5.8 beta testing period. These alerts gave the company's security team time to fix the issues before any WordPress sites could be attacked.

Security issues explained 

A REST API is an application programming interface (API or web API) that conforms to the constraints of REST architectural style and allows for interaction with RESTful web services.

Cross-site scripting (also known as XSS) is a web security vulnerability that allows an attacker to compromise the interactions that users have with a vulnerable application.

The Lodash library was updated to version 4.17.21 in each branch to incorporate upstream security fixes.

These security vulnerabilities that were fixed is an important part of the WordPress update as it is complete outside the remit of the common maintenance updates that usually occurs. 

Abigail Opiah

Abigail is a B2B Editor that specialises in Web Hosting and Cloud Services news at TechRadar Pro. She has been a journalist for more than three years covering a wide range of topics in the technology sector. She is now interested in receiving the latest B2B news and updates on website builders, domains, e-commerce platforms and Web hosting.