WordPress verze od 4.7 až 6.9 opravuje bezpečnostní chyby

zdeneksvarc

Protože hodně operátorů má weby na WordPressu, vyplatí se neprodleně upgradovat.

Včera odpoledne vyšla bezpečnostní verze 6.9.2

https://wordpress.org/news/2026/03/wordpress-6-9-2-release/

Dnes nad ránem bez bližších informací 6.4.8 / 6.5.8 / 6.6.5 / 6.7.5 / 6.8.5

Fixy ve verzi 6.9.2

A Blind SSRF issue reported by sibwtf, and subsequently by several other researchers while the fix was being worked on
A PoP-chain weakness in the HTML API and Block Registry reported by Phat RiO
A regex DoS weakness in numeric character references reported by Dennis Snell of the WordPress Security Team
A stored XSS in nav menus reported by Phill Savage
An AJAX query-attachments authorization bypass reported by Vitaly Simonovich
A stored XSS via the data-wp-bind directive reported by kaminuma
An XSS that allows overridding client-side templates in the admin area reported by Asaf Mozes
A PclZip path traversal issue reported independently by Francesco Carlucci and kaminuma
An authorization bypass on the Notes feature reported by kaminuma
An XXE in the external getID3 library reported by Youssef Achtatal

zdeneksvarc

https://wordpress.org/news/2026/03/wordpress-6-9-4-release/

WordPress 6.9.2 and WordPress 6.9.3 were released yesterday, addressing 10 security issues and a bug that affected template file loading on a limited number of sites.

The WordPress Security Team has discovered that not all of the security fixes were fully applied, therefore 6.9.4 has been released containing the necessary additional fixes.

Because this is a security release, it is recommended that you update your sites immediately.

zdeneksvarc

Dnes nad ránem bezpečnostní updates pro zbytek historických verzí 5.3 až 6.3

https://github.com/WordPress/WordPress/tags

zdeneksvarc

Dnes v podvečer bezpečnostní update pro ještě starší historické verze 4.7 až 5.2

https://github.com/WordPress/WordPress/tags