This security release features four security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.8.3 is a short-cycle security release. The next major release will be version 5.9, which is already in the Release Candidate stage.
You can update to WordPress 5.8.3 by downloading from WordPress.org or visiting your Dashboard → Updates and clicking Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Security Updates
Four security issues affect WordPress versions between 3.7 and 5.8. If you haven’t yet updated to 5.8, all WordPress versions since 3.7 have also been updated to fix the following security issue (except where noted otherwise):
Props to Karim El Ouerghemmi and Simon Scannell of SonarSource for disclosing an issue with stored XSS through post slugs.Props to Simon Scannell of SonarSource for reporting an issue with Object injection in some multisite installations.Props to ngocnb and khuyenn from GiaoHangTietKiem JSC for working with Trend Micro Zero Day Initiative on reporting a SQL injection vulnerability in WP_Query.Props to Ben Bidner from the WordPress security team for reporting a SQL injection vulnerability in WP_Meta_Query (only relevant to versions 4.1-5.8).
Thank you to all of the reporters above for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked. Thank you to the members of the WordPress security team for implementing these fixes in WordPress.
For more information, check out the 5.8.3 HelpHub documentation page.
Thanks and props!
The 5.8.3 release was led by @desrosj and @circlecube.
In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.8.3 happen:
Alex Concha, Dion Hulse, Dominik Schilling, ehtis, Evan Mullins, Jake Spurlock, Jb Audras, Jonathan Desrosiers, Ian Dunn, Peter Wilson, Sergey Biryukov, vortfu, and zieladam.
More Stories
chromium-117.0.5938.132-2.fc39
FEDORA-2023-c890266d3f Packages in this update: chromium-117.0.5938.132-2.fc39 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....
chromium-117.0.5938.132-2.fc38
FEDORA-2023-d66a01ad4f Packages in this update: chromium-117.0.5938.132-2.fc38 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Read More
chromium-117.0.5938.132-1.el7
FEDORA-EPEL-2023-edc9c74369 Packages in this update: chromium-117.0.5938.132-1.el7 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....
chromium-117.0.5938.132-1.el8
FEDORA-EPEL-2023-8f3e1b6f78 Packages in this update: chromium-117.0.5938.132-1.el8 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....
chromium-117.0.5938.132-1.fc37
FEDORA-2023-0cd03c3746 Packages in this update: chromium-117.0.5938.132-1.fc37 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Read More
chromium-117.0.5938.132-1.el9
FEDORA-EPEL-2023-cca1f87440 Packages in this update: chromium-117.0.5938.132-1.el9 Update description: update to 117.0.5938.132. Fixes following security issues: CVE-2023-5129 CVE-2023-5186 Update to 117.0.5938.92....