Title: Version 5.1.7
Author: Jb Audras
Published: October 29, 2020

---

# Version 5.1.7


On October 29, 2020, WordPress 5.1.7 was released to the public.

## Installation/Update Information

To get this version, update automatically from the Dashboard > Updates menu
in your site’s admin area or download it from the [WordPress releases archive](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## Summary

### Security updates

 * Props to Alex Concha of the WordPress Security Team for their work in hardening
   deserialization requests.
 * Props to David Binovec for a fix to disable spam embeds from disabled sites on
   a multisite network.
 * Thanks to Marc Montas from Sucuri for reporting an issue that could lead to XSS
   from global variables.
 * Thanks to Justin Tran, who reported a privilege escalation issue in XML-RPC.
   He also found and disclosed a privilege escalation issue around post
   commenting via XML-RPC.
 * Props to Omar Ganiev who reported a method where a DoS attack could lead to RCE.
 * Thanks to Karim El Ouerghemmi from [RIPS](https://www.ripstech.com/) who disclosed
   a method to store XSS in post slugs.
 * Thanks to Slavco for reporting, and Karim El Ouerghemmi for confirming, a
   method to bypass protected meta that could lead to arbitrary file deletion.
 * And a special thanks to @zieladam who was integral in many of the releases and
   patches during this release.

This release was led by [@audrasjb](https://profiles.wordpress.org/audrasjb/), [@davidbaumwald](https://profiles.wordpress.org/davidbaumwald/),
[@desrosj](https://profiles.wordpress.org/desrosj/), [@johnbillion](https://profiles.wordpress.org/johnbillion/),
[@metalandcoffee](https://profile.wordpress.org/metalandcoffee), [@noisysocks](https://profiles.wordpress.org/noisysocks/),
[@planningwrite](https://profiles.wordpress.org/planningwrite/), [@sarahricker](https://profiles.wordpress.org/sarahricker/),
[@sergeybiryukov](https://profiles.wordpress.org/sergeybiryukov/) and [@whyisjake](https://profiles.wordpress.org/whyisjake/).
