WordPress 5.7.1 is now available!
This security and maintenance release features 26 bug fixes in addition to two security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 4.7 have also been updated.
WordPress 5.7.1 is a short-cycle security and maintenance release. The next major release will be version 5.8.
You can download WordPress 5.7.1 by downloading from WordPress.org, or visit your Dashboard → Updates and click Update Now.
If you have sites that support automatic background updates, they’ve already started the update process.
Security Updates
Two security issues affect WordPress versions between 4.7 and 5.7. If you haven’t yet updated to 5.7, all WordPress versions since 4.7 have also been updated to fix the following security issues:
Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8.Thanks Mikael Korpela for reporting a data exposure vulnerability within the REST API.
Thank you to all of the reporters for privately disclosing the vulnerabilities. This gave the security team time to fix the vulnerabilities before WordPress sites could be attacked.
Props to Adam Zielinski, Pascal Birchler, Peter Wilson, Juliette Reinders Folmer, Alex Concha, Ehtisham Siddiqui, Timothy Jacobs and the WordPress security team for their work on these issues.
For more information, browse the full list of changes on Trac, or check out the version 5.7.1 HelpHub documentation page.
Thanks and props!
The 5.7.1 release was led by @peterwilsoncc and @audrasjb.
In addition to the security researchers and release squad members mentioned above, thank you to everyone who helped make WordPress 5.7.1 happen:
99w, Adam Silverstein, Andrew Ozz, annalamprou, anotherdave, Ari Stathopoulos, Ayesh Karunaratne, bobbingwide, Brecht, Daniel Richards, David Baumwald, dkoo, Dominik Schilling, dragongate, eatsleepcode, Ella van Durpe, Erik, Fabian Pimminger, Felix Arntz, Florian TIAR, gab81, Gal Baras, Geoffrey, George Mamadashvili, Glen Davies, Greg Ziółkowski, grzim, Ipstenu (Mika Epstein), Jake Spurlock, Jayman Pandya, Jb Audras, Joen A., Johan Jonk Stenström, Johannes Kinast, John Blackbourn, John James Jacoby, Jonathan Desrosiers, Josee Wouters, Joy, k3nsai, Kelly Choyce-Dwan, Kerry Liu, Marius L. J., Mel Choyce-Dwan, Mikhail Kobzarev, mmuyskens, Mukesh Panchal, nicegamer7, Otshelnik-Fm, Paal Joachim Romdahl, palmiak, Pascal Birchler, Peter Wilson, pwallner, Rachel Baker, Riad Benguella, Rinat Khaziev, Robert Anderson, Roger Theriault, Sergey Biryukov, Sergey Yakimov, SirStuey, stefanjoebstl, Stephen Bernhardt, Sumit Singh, Sybre Waaijer, Synchro, Terri Ann, tigertech, Timothy Jacobs, tmatsuur, TobiasBg, Tonya Mork, Toru Miki, Ulrich, and Vlad T.
More Stories
chromium-134.0.6998.88-3.fc42
FEDORA-2025-6b9cbdbdff Packages in this update: chromium-134.0.6998.88-3.fc42 Update description: Update to 134.0.6998.88 High CVE-2025-1920: Type Confusion in V8 High CVE-2025-2135: Type...
jupyterlab-4.3.6-1.fc41
FEDORA-2025-e50201543b Packages in this update: jupyterlab-4.3.6-1.fc41 Update description: Update to 4.3.6 (rhbz#2352545) Read More
jupyterlab-4.3.6-1.fc40
FEDORA-2025-1d68ba6806 Packages in this update: jupyterlab-4.3.6-1.fc40 Update description: Update to 4.3.6 (rhbz#2352545) Read More
MS-ISAC CYBERSECURITY ADVISORY – Multiple Vulnerabilities in Sante PACS Server Could Allow for Remote Code Execution – PATCH NOW – TLP: CLEAR
Multiple vulnerabilities have been discovered in Sante PACS Server, the most severe of which could allow for remote code execution....
dotnet8.0-8.0.114-1.fc40
FEDORA-2025-83c147615e Packages in this update: dotnet8.0-8.0.114-1.fc40 Update description: This is the monthly update for .NET for March 2025. Release Notes:...
dotnet8.0-8.0.114-1.fc41
FEDORA-2025-adbd75f500 Packages in this update: dotnet8.0-8.0.114-1.fc41 Update description: This is the monthly update for .NET for March 2025. Release Notes:...