Title: Version 5.4.14
Author: Jb Audras
Published: October 12, 2023

---

# Version 5.4.14

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#summary)
    - [Maintenance updates](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#maintenance-updates)
    - [Security updates](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#security-updates)
 * [Credits](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#credits)
 * [Changelog](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#changelog)
    - [List of updated packages](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#list-of-updated-packages)
    - [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#wp--skip-link--target)

On October 12, 2023, WordPress 5.4.14 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#installation-update-information)󠁿

To get this version, update automatically from the Dashboard > Updates menu in your
site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/?output_format=md)
 * [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/?output_format=md)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/?output_format=md)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#summary)󠁿

### 󠀁[Maintenance updates](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#maintenance-updates)󠁿

This security and maintenance release features [19 bug fixes on Core](https://core.trac.wordpress.org/query?milestone=6.3.2&group=component&col=id&col=summary&col=milestone&col=owner&col=type&col=status&col=priority&order=priority),
22 bug fixes for the Block Editor, and 8 security fixes.

This is a short-cycle release. You can review a summary of the maintenance updates
in this release by reading the [Release Candidate announcement](https://make.wordpress.org/core/2023/10/06/wordpress-6-3-2-rc1-is-now-available/).

### 󠀁[Security updates](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#security-updates)󠁿

The security team would like to thank the following people for responsibly reporting
vulnerabilities, and allowing them to be fixed in this release:

 * Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
 * Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
 * Rafie Muhammad and Edouard L of [Patchstack](https://patchstack.com/) along with
   a WordPress commissioned third-party audit for each independently identifying
   a XSS issue in the post link navigation block.
 * [Jb Audras](https://www.linkedin.com/in/audrasjb/) of the WordPress Security 
   Team and Rafie Muhammad of [Patchstack](https://patchstack.com/) for each independently
   discovering an issue where comments on private posts could be leaked to other
   users.
 * [James Golovich](https://hackerone.com/jamesgol?type=user) and [WhiteCyberSec](https://hackerone.com/whitecybersec?type=user)
   for each independently identifying a way for logged in user to execute any shortcode.
 * [mascara7784](https://fb.com/zino.abdrahim) for identifying a XSS vulnerability
   in the application password screen.
 * [Jorge Costa](https://profiles.wordpress.org/jorgefilipecosta/) of the WordPress
   Core Team for identifying XSS vulnerability in the footnotes block.
 * [s5s](https://hackerone.com/s5s) and [raouf_maklouf](https://hackerone.com/raouf_maklouf)
   for independently identifying a cache poisoning DoS vulnerability.

## 󠀁[Credits](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#credits)󠁿

This release was led by [Joe McGill](https://profiles.wordpress.org/joemcgill/),
[Aaron Jorbin](https://profiles.wordpress.org/jorbin/) and [Jb Audras](https://profiles.wordpress.org/audrasjb).

## 󠀁[Changelog](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#changelog)󠁿

### 󠀁[List of updated packages](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#list-of-updated-packages)󠁿

    ```wp-block-preformatted
    COMING SOON
    ```

### 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-4-14/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    COMING SOON
    ```

First published

October 12, 2023

Last updated