WordPress released two subsequent updates in the past few days – WordPress version 5.5.2, shortly followed by version 5.5.3. The first of these updates contained minor bug fixes and security enhancements applied to the CMS code.
The second update was an emergency one, remedying an issue introduced in version 5.5.2. The issue made it impossible to install the CMS on a new website without having a configured database connection.
Wordfence researchers analyzed the release “to determine the severity of any vulnerabilities that may have been patched.” Note that in 5.5.2 release, eight different flaws were addressed. Fortunately, most of them required “some specific conditions” to be exploited, meaning that mass exploitation could be challenging to carry out.
The WordPress core team first re-enabled download 5.5.2 to prevent sites from updating to the alpha versions to address both issues. Then, the team released the emergency version to fix the issue preventing new installations.
How dangerous are the vulnerabilities fixed in WordPress version 5.5.2 and 5.5.3?
Most of the vulnerabilities require specific conditions to be used in attacks. However, if the researchers who reported the coding issues publish a proof-of-concept code, exploits of vulnerable sites could appear.
Attackers often find ways to weaponize published PoC codes against unpatched code, so web admins should update their WordPress installations immediately to version 5.5.3. Always make sure that your website is running the latest possible version. Wordfence also recommends testing in a staging environment before applying the update.
Full technical disclosure of all the vulnerabilities is available in the original report.
Security tip. You may want to add a security plugin to your WordPress site or blog. Some of these plugins guarantee that you will receive timely notifications for any potential risk. This way, you can act immediately and prevent the occurrence of any severe issues. HowToHosting.guide has reviewed some of the best security plugins for WP. You can also read our article dedicated to the three most common misconceptions that endanger your website.