Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


WordPress Managed - Package updates


  • Staff

    You can use this thread to track updates to the managed WordPress package.

    Please open issues in a separate topic instead of replying here.


  • Staff

    Pushed a new 'Managed WP' package version 2.10.0 now:

    • WordPress has been updated to version 5.4.1
    • Now uses PHP 7.3

  • Staff

    Pushed a new 'Unmanaged WP' package version 2.2.0 that installed WP 5.4.1 by default.


  • Staff

    Both managed and unmanaged WP got updates to install the missing php-imagick


  • Staff

    [2.10.2]

    • Update WordPress to 5.4.2
    • Release post
    • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
    • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
    • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
    • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
    • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
    • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.

Log in to reply