WordPress 6.5.2 Maintenance and Secure Publishing

Note: WordPress 6.5.1 was not released due to initial package issues. 6.5.2 is the first minor release of WordPress 6.5.

This security and maintenance release fixes2 Core errors,12 Block Editor Bug Fixesand 1 security fix. The same vulnerability affects both the core WordPress system and the Gutenberg plugin, both of which are problematic.

A more secure version is now available and we strongly recommend you update your site as soon as possible!. Also, WordPress.org offers backward porting so that other major WordPress versions (6.1 and above) can be easily upgraded to ensure that your site is safe and secure.

You can easily update your WordPress to the latest version 6.5.2 in two ways: one is directly from our website'snavigation barClick "Download WordPress", then select "WordPress Latest Version"Download; secondly, in yourWordPress DashboardInside, click on "update", then click on "Immediate Updates". If your site supports automatic background updates, then the update process will start automatically without you having to do it manually.

WordPress 6.5.2 is a short-cycle release, and the next major releaseWordPress6.6It is planned that theJuly 16, 2024Release. In order to keep your website secure and functionality up-to-date, it is recommended that you keep an eye on it and update it to the latest version, or feel free to follow ourWhat's New in WordPressThe

Cross Site Scripting (XSS)

An XSS vulnerability has been discovered in WordPress that could allow hackers to sneak in malicious scripts on websites. Once the hacker succeeds, those users who visit these pages are vulnerable.

There are three main types of XSS vulnerabilities, but the most common within WordPress plugins, themes, and itself are Reflected XSS and Stored XSS.

Reflexive XSS requires the user to click on a specific link, which makes it more difficult for hackers to attack, as it also requires the user to cooperate in order to carry out the attack.

Stored XSS is a more serious type of vulnerability because it allows hackers to upload malicious scripts to a website and then attack people who visit that website. This time the vulnerability found in WordPress is of this type.

But the good news is that the threat isn't that scary because it requires the hacker to get some access to the site first, at least at the contributor level, in order to exploit the vulnerability.

This vulnerability is rated as a medium threat, with a score of 6.4 out of 10 according to the Common Vulnerability Scoring System (CVSS) scoring.

Wordfence describes the vulnerability:

"Due to insufficient output escaping on display names, WordPress Core is susceptible to stored cross-site scripting attacks via the user's display name in the Avatar block in versions 6.5.2 and earlier. This allows an authenticated attacker with Contributor level access and above to inject arbitrary web scripts into a page, which are executed whenever a user visits the injected page."

Whether it's WordPress officials or us, a loyal WordPress user with years of development experience, users are advised to update your site as soon as possible to avoid some unnecessary troubles from arising.