======================================================================

                               CERT-Renater

                     Note d'Information No. 2024/VULN297
_____________________________________________________________________

DATE                : 26/06/2024

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running WordPress versions prior
                                          to 6.5.5.

=====================================================================
https://wordpress.org/news/2024/06/wordpress-6-5-5/
_____________________________________________________________________


WordPress 6.5.5 is now available!

This release features three security fixes. Because this is a
security release, it is recommended that you update your sites
immediately. This minor release also includes 3 bug fixes in Core.

You can download WordPress 6.5.5 from WordPress.org, or visit your
WordPress Dashboard, click “Updates”, and then click “Update Now”.
If you have sites that support automatic background updates, the
update process will begin automatically.

WordPress 6.5.5 is a short-cycle release. The next major release
will be version 6.6 which is scheduled for July 16, 2024.

For more information on WordPress 6.5.5, please visit the HelpHub
site.

Security updates included in this release

The security team would like to thank the following people for
responsibly reporting vulnerabilities, and allowing them to be
fixed in this release:

     A cross-site scripting (XSS) vulnerability affecting the HTML
API reported by Dennis Snell of the WordPress Core Team, along
with Alex Concha and Grzegorz (Greg) Ziółkowski of the WordPress
security team.
     A cross-site scripting (XSS) vulnerability affecting the
Template Part block reported independently by Rafie Muhammad
of Patchstack and during a third party security audit.
     A path traversal issue affecting sites hosted on Windows
reported independently by Rafie M & Edouard L of Patchstack,
David Fifield, x89, apple502j, and mishre.


Thank you to these WordPress contributors

This release was led by Aaron Jorbin.

WordPress 6.5.5 would not have been possible without the
contributions of the following people. Their asynchronous
coordination to deliver maintenance and security fixes into
a stable release is a testament to the power and capability
of the WordPress community.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================