Skip to content

Version 6.2.3
Compare
Choose a tag to compare
@wordpress-packager wordpress-packager released this 12 Oct 21:13
· 4 commits to main since this release
6.2.3
41ff6e2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Sourced from WordPress.org Documentation.

Summary

This is a short-cycle release. You can review a summary of the maintenance updates in this release by reading the Release Candidate announcement.

Security updates

The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:

  • Marc Montpas of Automattic for finding a potential disclosure of user email addresses.
  • Marc Montpas of Automattic for finding an RCE POP Chains vulnerability.
  • Rafie Muhammad and Edouard L of Patchstack along with a WordPress commissioned third-party audit for each independently identifying a XSS issue in the post link navigation block.
  • Jb Audras of the WordPress Security Team and Rafie Muhammad of Patchstack for each independently discovering an issue where comments on private posts could be leaked to other users.
  • James Golovich and WhiteCyberSec for each independently identifying a way for logged in user to execute any shortcode.
  • mascara7784 for identifying a XSS vulnerability in the application password screen.
  • Jorge Costa of the WordPress Core Team for identifying XSS vulnerability in the footnotes block.
  • s5s and raouf_maklouf for independently identifying a cache poisoning DoS vulnerability.
Assets 2
Loading