Sourced from WordPress.org Documentation.
Summary
Security updates
This release features 2 security fixes. Because this is a security release, it is recommended that you update your sites immediately.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs and Peter Wilson.
- A cross-site scripting (XSS) vulnerability requiring an authenticated role that affects the nav menus. Reported by Phill Savage.
As a courtesy to users on older branches of WordPress, these fixes are available in branches of WordPress going back to WordPress 4.7.