This is the analysis of the latest WordPress security bugs. Is it awesome upstream already has CVE IDs and (almost) clear patches of the fixes? Yes, it is!
Sid: 5.4 All vulnerabilities, use upstream 5.4.1 Bullseye: 5.3.2 https://github.com/WordPress/wordpress-develop/commit/42cbfc76f87add1853996730c587ea66aa8fdc28 SVN references: 47633 47634 47635 47636 47637 47638 https://core.trac.wordpress.org/changeset/47633 Customizer - CVE-2020-11025 https://core.trac.wordpress.org/changeset/47634 password update - CVE-2020-11027 https://core.trac.wordpress.org/changeset/47635 single post on query - CVE-2020-11028 https://core.trac.wordpress.org/changeset/47636 block editor escape - CVE-2020-11030 https://core.trac.wordpress.org/changeset/47637 escaping around stats - CVE-2020-11029 https://core.trac.wordpress.org/changeset/47638 sanitize file name - CVE-2020-11026 All vulnerable, use aggregated GH commit Buster: 5.0.4 https://github.com/WordPress/wordpress-develop/commit/e65e7a3bd96df6675a9a3caa54f5945885379f09 SVN references: 47633 47634 47635 47636 47637 47638 All vulnerable, use aggregated GH commit Stretch: 4.7.5 https://github.com/WordPress/wordpress-develop/commit/f9be892b76512c0bf3826c07839dd7c406f13e06 SVN references: 47633 47634 47635 47637 47638 Does NOT reference 47636 4.7.5 code does not use blocks, equivalent code in get_search_form() uses if statement so changing class variable gives default (follows else path) https://github.com/WordPress/wordpress-develop/blob/c7f320da2b05b261fc94b63dccc2fc0787641cf9/src/wp-includes/general-template.php#L221 Not vulnerable to CVE-2020-11030, use aggregated GH commit for the rest
