Yesterday WordPress Released a new update, its not major version update. Its security and maintenance release that fixes 23 bugs and enhancements.
Checkout Official Post on WordPress.org,
The bugs that were present in earlier wordpress versions were fixed in this update. So make sure you are currently updated to latest version to improve wordpress security.
Let us what the WordPress Devs has done with 5.4.2 Version,
Security Updates on 5.4.2 Version
- Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
- Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
- Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
- Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
- Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins leading to privilege escalation.
- Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.
WordPress has fixed all the priority bugs as reported by above developers in earlier versions.
We Recommend to Take Backup and Update to Latest Version 5.4.2 to avoid vulnerabilities Security Attacks. Read the full list of changes Here.
As per WordPress this 5.4.2 Version is a short-cycle maintenance release and Next Update is a Major Release and its most waited WordPress 5.5.
To update just visit Your blog Dashboard and Navigate to Updates and click Update Now(Take Backup Before starting this process). If you or Your hosting (like siteground) services provides auto updates then you no need to worry.
Credits: WordPress.org