Title: Version 5.0.10
Author: Jb Audras
Published: June 10, 2020

---

# Version 5.0.10

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#summary)
    - [Security updates](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#security-updates)
    - [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#wp--skip-link--target)

On June 10, 2020, WordPress 5.0.10 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#installation-update-information)󠁿

To download WordPress 5.0.10, visit [WordPress releases archive](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#summary)󠁿

### 󠀁[Security updates](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#security-updates)󠁿

Five security issues affect WordPress versions 5.4 and earlier.

 * Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated
   users with low privileges are able to add JavaScript to posts in the block editor
 * Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated
   users with upload permissions are able to add JavaScript to media files.
 * Props to Ben Bidner of the WordPress Security Team for finding an open redirect
   issue in _wp\_validate\_redirect()_
 * Props to [Nrimo Ing Pandum](http://apapedulimu.click/) for finding an authenticated
   XSS issue via theme uploads
 * Props to [Simon Scannell of RIPS Technologies](https://blog.ripstech.com/authors/simon-scannell)
   for finding an issue where _set-screen-option_ can be misused by plugins leading
   to privilege escalation
 * Props to [Carolina Nymark](https://profiles.wordpress.org/poena/) for discovering
   an issue where comments from password-protected posts and pages could be displayed
   under certain conditions.

### 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-0-10/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    wp-admin/themes.php
    wp-admin/includes/misc.php
    wp-admin/includes/media.php
    wp-includes/default-filters.php
    wp-includes/embed.php
    wp-includes/pluggable.php
    wp-includes/version.php
    package-lock.json
    package.json
    wp-comments-post.php
    ```

First published

June 10, 2020

Last updated