- XML External Entity Injection within the media library affecting only PHP 8.
Fix: WordPress Security Team disabled the ability to load external entities for all versions
- Data exposure vulnerability within the REST API.
Fix: WordPress Security Team added extra measures to restrict access to password protected posts.
The Pagely team will be rolling out this patch for all customers shortly. If you have a version hold request on file, we will patch your site while keeping it on the same major branch version.