On March 12, 2019, a maintenance release was announced by WordPress for version 5.1.1. With this new version, there are 10 fixes and enhancements, which include security updates that address how comments are filtered and stored within the database. Prior to this update, if WordPress comments were maliciously crafted, an unauthenticated attacker could gain access to the user’s site, resulting a cross-site scripting vulnerability.
To avoid any exploits due to the security vulnerabilities, users are urged to upgrade their WordPress to version 5.1.1 as soon as possible. These security vulnerabilities affect every WordPress version prior to 5.1.1. Otherwise, it is recommended that users disable the comment option until their WordPress version is upgraded.
WordPress version 5.1.1 is available for download or upgrade directly through your WordPress dashboard to take advantage of all features and bug fixes. WordPress sites secured with SiteLock INFINITY will have this security vulnerability automatically patched on their next scan. If you would like to protect your WordPress site with automated malware removal, core CMS vulnerability patching, and WordPress database protection, contact SiteLock today and ask about INFINITY. We’re available 24/7 via phone, email, or live chat to help.