On June 24, 2024, WordPress 6.5.5 was released to the public.
This release features three security fixes. Because this is a security release, it is recommended that you update your sites immediately. This minor release also includes 3 bug fixes in Core.
The security team would like to thank the following people for responsibly reporting vulnerabilities and allowing them to be fixed in this release:
- Alex Concha, Grzegorz (Greg) Ziółkowski, and Dennis Snell of the WordPress security team discovered a cross-site scripting (XSS) vulnerability that affects the HTML API.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block was discovered independently by Patchstack’s Rafie Muhammad and during a third-party security audit.
- A path traversal issue affecting sites hosted on Windows was reported independently by Rafie M. & Edouard L. of Patchstack, David Fifield, x89, apple502j, and mishre.