The WordPress team released WordPress 5.7.1. This version features 26 bug fixes in addition to two security fixes:
-
- XML External Entity Injection within the media library affecting only PHP 8.
Fix: WordPress Security Team disabled the ability to load external entities for all versions
-
- Data exposure vulnerability within the REST API.
Fix: WordPress Security Team added extra measures to restrict access to password protected posts.
The Pagely team will be rolling out this patch for all customers shortly. If you have a version hold request on file, we will patch your site while keeping it on the same major branch version.