WordPress 6.5.5
24 June 2024
WordPress version 6.5.5 is now available (security release).
Upgrading to WordPress 6.5.5
WordPress 6.5.5 can be upgraded to (or installed) using any of Installatron's products. Use Installatron's optional Automatic Update feature to automatically apply WordPress updates as new versions are released, or use Installatron's Clone feature to duplicate an existing WordPress install to test the 6.5.5 upgrade prior to applying it live. Get started managing your WordPress installations with Installatron
What's New in WordPress 6.5.5
This release features three security fixes and three bug fixes in Core.
Security
- A cross-site scripting (XSS) vulnerability affecting the HTML API reported by Dennis Snell of the WordPress Core Team, along with Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress security team.
- A cross-site scripting (XSS) vulnerability affecting the Template Part block reported independently by Rafie Muhammad of Patchstack and during a third party security audit.
- A path traversal issue affecting sites hosted on Windows reported independently by Rafie M & Edouard L of Patchstack, David Fifield, x89, apple502j, and mishre.
Core - Bug Fixes
- Font Directory uploads ignore `subdir` property
- `wp_get_plugin_action_button()` can return `void`
- Plugins: Remove unassigned sprintf from wp_get_plugin_action_button()