WordPress – security issues fixed

For the Content Management System (CMS) WordPress, an update has been available since last week that eliminates a total of seven potentially exploitable vulnerabilities. If not already done, WordPress users should update their installation promptly via the dashboard. In addition to cross-site scripting (XSS) vulnerabilities, the update eliminates the possibility of unauthorized access to certain private posts and a problem with tokens for password reset that have not been invalidated in the required manner after use. All of the WordPress versions up to and including 5.4.0 are affected by the security problems – with the exception of a single XSS vulnerability, which was limited to version 5.4 RC1 / RC2 and has been fixed in RC5.