What’s in the WordPress 5.4.1 update? 7 vulnerability fixes

Last updated:

On April 29, 2020, WordPress 5.4.1, which fixes the vulnerability, released. Seven security fixes included. Here are the updates.

Release Date

WordPress 5.4.1 releases on April 29, 2020. Due to the security release, please update as soon as possible.

WordPress 5.4 releases on March 31, 2020, so it’s a minor update about a month later.

The following is a list of new features and changes for WordPress 5.4.

Updated Content

Updating to WordPress 5.4.1 will fix the following seven security issues.

  1. Password reset tokens are not invalidated
  2. It was possible that certain private posts could display without authentication.
  3. XSS vulnerability in the customizer
  4. XSS vulnerability in search blocking
  5. XSS vulnerability in the WordPress object cache
  6. XSS Vulnerability in File Uploads
  7. XSS issues in the block editor

Server Requirements

The requirements for running WordPress 5.4.1 include the following recommended.

How to Download

WordPress 5.4.1 is available on the download page.

WordPress 5.4.1 Download

Please refer to the article below on how to download WordPress.

How to Update

To update to WordPress 5.4.1, click the Update Now button on the dashboard update page.

If automatic updates are active, the update will start in the background.

What to do if the post page doesn’t show up after an update

After updating to WordPress 5.4.1, when accessing the Posts (single.php) with a specific permalink setting, the archive page (archive.php) will be displayed.

This happens when a blog service migrates a post with a URL as a date to WordPress.

Reason

Since WordPress 5.4.1, if you set only date and time (year/month/day/hour/minute/second) in the permalink setting, Posts will get archived.

This is the case when the following is set in the permalink settings.

/%year%/%monthnum%/%day%/%hour%%minute%%second%/

This is to fix the problem that if there are multiple posts published at the same date and time, the second and subsequent non-public posts can view them.

Solution

Downgrading to WordPress 5.4

Install WP Downgrade | Specific Core Version and downgrade to WordPress 5.4.

Change the permalink settings to redirect

  1. Change the end of the permalink setting to %post_id% or %postname% to make it a unique URL
  2. Change the slug of an existing article
  3. Install Redirection and set up 301 redirection

Related Post

Others have also seen this article.

go to top