Today, October 29, 2020, WordPress released version 5.5.2. This update includes 10 security fixes.
Many of these security issues have not yet been disclosed publicly, but we should see more details in the coming weeks.
Ten security issues affect WordPress versions 5.5 and earlier; version 5.5.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.5, there are also updated versions of 5.4 and earlier that fix the security issues.
Here’s the list of security findings:
- Hardening deserialization requests.
- Disable spam embeds from disabled sites on a multisite network.
- Issue could lead to XSS from global variables.
- Privilege escalation in XML-RPC.
- Privilege escalation around post commenting via XML-RPC.
- DoS attack could lead to RCE.
- Method to store XSS in post slugs.
- Method to bypass protected meta that could lead to arbitrary file deletion.
Read the full release notes on WordPress