Version 5.0.9

On April 29, 2020, WordPress 5.0.9 was released to the public.

Installation/Update Information Installation/Update Information

To download WordPress 5.0.9, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.

For step-by-step instructions on installing and updating WordPress:

If you are new to WordPress, we recommend that you begin with the following:

Top ↑

Summary Summary

Six security issues affect WordPress versions 5.4 and earlier; version 5.4.1 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Muaz Bin Abdus Sattar and Jannes who both independently reported an issue where password reset tokens were not properly invalidated
  • Props to ka1n4t for finding an issue where certain private posts can be viewed unauthenticated
  • Props to Evan Ricafort for discovering an XSS issue in the Customizer
  • Props to Ben Bidner from the WordPress Security Team who discovered an XSS issue in the search block
  • Props to Nick Daugherty from WPVIP.com / WordPress Security Team who discovered an XSS issue in wp-object-cache
  • Props to Ronnie Goodrich (Kahoots) and Jason Medeiros who independently reported an XSS issue in file uploads.

Top ↑

List of Files Revised List of Files Revised

/wp-includes/cache.php
/wp-includes/class-wp-customize-manager.php
/wp-includes/class-wp-query.php
/wp-includes/formatting.php
/wp-includes/post.php
/wp-includes/user.php