
Unpacking the WordPress update fiasco (and why you need someone to keep an eye on your WordPress updates)

Things don’t always go to plan, as a recent series of WordPress update mishaps showed.

On Thursday, October 29th, the WordPress core team released WordPress version 5.5.2. This was a minor release containing bug fixes and security enhancements to the core WordPress content management system powering over one-third of the internet.

In the WordPress 5.5.2 release, the WordPress core team patched 8 different vulnerabilities. Security researchers found that most of these vulnerabilities required specific conditions, which meant that they would not easily be exploited en masse.

WordPress 5.5.3

The latest update, version 5.5.3, is everything version 5.5.2 was meant to be, only without the associated problems. WordPress 5.5.3 fixes all the problems introduced in version 5.5.2.

WordPress explained:

This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.

If you are not on 5.5.2, or have auto-updates for minor releases disabled, please manually update to the 5.5.3 version by downloading WordPress 5.5.3 or visiting Dashboard → Updates and clicking “Update Now.”

What should I do?

Though most of these vulnerabilities do not appear to be easily exploitable, the researchers who reported these coding issues may publish Proof of Concept code that could lead to exploits against vulnerable sites. Attackers may find ways in the future to utilize unpatched code in ways that we might not find significant now. As always, we recommend updating as soon as possible.

This is a minor WordPress release, which means that most sites will automatically update. With the subsequent emergency release of WordPress 5.5.3, you should ensure that you have updated to the latest version. You may wish to perform testing in a staging (or other testing) environment before updating the production/live version of your site.
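One way to confirm that every install on a server actually reached 5.5.3 is to read the version WordPress core records on disk. The script below is an added example, not part of the original article; it assumes the standard WordPress layout, where `wp-includes/version.php` sets `$wp_version`, and the function names and `MIN_VERSION` variable are illustrative.

```shell
#!/bin/sh
# Added example: flag WordPress installs older than a minimum core version.
# Usage: sh check_wp.sh /path/to/site1 /path/to/site2 ...
MIN_VERSION="${MIN_VERSION:-5.5.3}"   # the release the article says to be on

# Print the core version recorded in <wp_root>/wp-includes/version.php.
# Prints nothing if the file is missing or has no $wp_version assignment.
wp_core_version() {
    sed -n "s/^[[:space:]]*\$wp_version[[:space:]]*=[[:space:]]*['\"]\([^'\"]*\)['\"].*/\1/p" \
        "$1/wp-includes/version.php" 2>/dev/null | head -n 1
}

# Return 0 when dotted version $1 is strictly lower than $2.
# Components compare numerically (5.10 > 5.5); missing ones count as 0.
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            p = x[i] + 0; q = y[i] + 0
            if (p < q) exit 0
            if (p > q) exit 1
        }
        exit 1
    }'
}

# Classify one install. Prints "<STATUS> <version> <path>".
# Returns 0 if current, 1 if outdated, 2 if the version cannot be read.
check_site() {
    v=$(wp_core_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN - $1"
        return 2
    elif version_lt "$v" "$MIN_VERSION"; then
        echo "OUTDATED $v $1"
        return 1
    fi
    echo "OK $v $1"
}

# Check every path given on the command line.
for site in "$@"; do
    check_site "$site" || true
done
```

An `UNKNOWN` result deserves the same follow-up as `OUTDATED`: it means the path is not a readable WordPress root, so the update status of that site has not been verified.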

Conclusion

You can find the official announcement of the WP 5.5.2 release here.

Thank you to the WordPress core team and the researchers who make WordPress safer for everyone.

Our website maintenance and website support services for WordPress websites ensure that a real live human checks your sites after updates and can take immediate action to roll back your site to a working backup should there be any issues. Just another advantage of our website support service!