On June 10, 2020, WordPress 4.7.18 was released to the public.
To download WordPress 4.7.18, visit WordPress releases archive.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Five security issues affect WordPress versions 5.4 and earlier.
- Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect()
- Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads
- Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation
List of Files Revised
wp-admin/themes.php wp-admin/includes/misc.php wp-admin/includes/media.php wp-includes/comment-template.php wp-includes/comment.php wp-includes/default-filters.php wp-includes/embed.php wp-includes/pluggable.php wp-includes/version.php