WordPress (Developer) - Package Updates
[2.16.3]
- Update WordPress to 6.0.3
- Release announcement
- Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Open redirect in wp_nonce_ays – devrayn
- Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui Bussan Secure Directions, Inc. via JPCERT
- Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security team and Marc Montpas from Automattic independently discovered this issue
[2.17.0]
- Update WordPress to 6.1
- Release announcement
- Twenty Twenty-Three: A fresh default theme with 10 distinct style variations
- New templates for an improved creator experience
- Design tools for more consistency and control
- Manage menus with ease
- Cleaner layouts and document settings visualization
- One-click lock setting for all inner blocks
- Improved block placeholders
- Compose richer lists and quotes with inner blocks
- More responsive text with fluid typography
- Add starter patterns to any post type
- A streamlined style system
[3.1.0]
- Update WordPress to 6.2
- Release announcement
- Meet the reimagined Site Editor
- Manage your menu in more ways with the Navigation block
- Discover a smoother experience for the Block Inserter
- Find the controls you want when you need them
- Build faster with headers and footers for block themes
- Explore Openverse media right from the Editor
- Focus on writing with Distraction Free mode
- Experience the Site Editor, now out of beta
- Meet the new Style Book
- Copy and paste styles
- Custom CSS
- Sticky positioning
- Importing widgets
- Local fonts in themes
[3.1.1]
- Update WordPress to 6.2.1
- Update redis and smtp plugin
- Announcement
- Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
- A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
- A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
- Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit
- A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit
[3.2.0]
- Update WordPress to 6.3
- Announcement
- Do everything in the Site Editor
- Preview Block themes
- Create and sync patterns
- Work faster with the Command Palette
- Sharpen your designs with new tools
- Track design changes with Style revisions
- Annotate with the Footnotes block
[3.3.0]
- Update WordPress to 6.4
- Announcement
- Meet Twenty Twenty-Four
- The Command Palette just got better
- Categorize and filter patterns
- Get creative with more design tools
- Make your images stand out
- Rename Group blocks
- Preview images in List View