the wordpress logo on a purple background

WordPress 5.3.1 Security and Maintenance Release

WordPress 5.3.1 was released on 13 December 2019.

WordPress 5.3.1 is a security release which addresses four security issues.

As with any security release – it’s important that you update immediately.

What does it fix?

Security issues fixed in the WordPress 5.3.1:

  • a bug where an unprivileged user could make a post sticky via the REST API
  • a bug where cross-site scripting (XSS) could be stored in well-crafted links
  • a XSS vulnerability using Gutenberg block edito
  • hardening wp_kses_bad_protocol() to ensure that it is aware of the named colon attribute

There were also 48 maintenance updates covering the block editor, Twenty Twenty bundled theme, accessibility, Admin CSS, internationalization, media library and date/time handling.

How to install update?

As a minor release, by default, the update will install automatically.

If this has been disabled you will need to install by logging into your WordPress administration console and go to the Dashboard -> Updates page.