WordPress version 4.5.3 Released to Fix Vulnerability
WordPress version 4.5.3 was released several hours ago by the WordPress Core team. This update is a maintenance and security release that fixes a vulnerability. This security expolit allows hackers to bypass any password protected post. Since this is a high severity security exploit, it is recommended that you update your WordPress core as soon as possible to close any possible security gaps in your site.
WordPress allows you to create posts that are protected by a password and only users with that password can then gain access to the post.
The team over at WordFence discovered a vulnerability on May 3rd that allowed any user with an unprivileged account to bypass the password protection WordPress provides. Consequently, anonymous attackers are able to exploit this vulnerability and gain access to password protected posts on websites where registration is open.
The severity of this exploit was listed as 7.5 (high).
All of our plugins have been tested against this new WordPress core and are compatible.
Here’s is more info about this specific vulnerability from the WordFence team:
Also, here’s more info on the full list of vulnerabilities patched in WordPress 4.5.3: