On May 13, 2021, WordPress released a new security patch WordPress 5.7.2. This is a short-cycle security release that features one security fix. It is recommended to install every update introduced by the WordPress community. It is always a good idea to know what an update has to offer before installing it.
Here, we are going to mention all the improvements included in this update.
What is included in WordPress 5.7.2?
One security issue has been affecting all the WordPress versions between 3.7 and 5.7. This issue is Object injection in PHPMailer, CVE-2020-36326, and CVE-2018-19296. With this release, WordPress fixed this problem.
CVE-2018-19296:
PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object injection attack. This vulnerability has been patched in an updated version of PHPMailer.
CVE-2020-36326:
PHPMailer 6.1.8 through 6.4.0 allows object injection through Phar Deserialization via attachment with a UNC pathname. This is similar to CVE-2018-19296 but arose because 6.1.8 fixed a functionality problem in which UNC path names were always considered unreadable by PHPMailer, even in safe contexts. As an unintended side effect, this fix eliminated the code that blocked addAttachment exploitation.
How to Update?
You can update your website with WordPress 5.7.2 by downloading this version from WordPress.org. Or, you can navigate to Dashboard > Updates and then click on ‘Update Now.’
If your website supports automatic background updates, then it will automatically start the update process.
Wrapping Up!
If you face any issues while installing this update, you can get in touch with us. To get some expert advice you can contact us at info@wewpyou.com. Our team of WordPress experts will assist you with all your queries.
