
WordPress 5.9.2 Security Update Fixes XSS and Prototype Pollution Vulnerabilities

Mar 10, 2022

On March 10, 2022, the WordPress core team released WordPress version 5.9.2, which contains security patches for a high-severity vulnerability as well as two medium-severity issues. The high-severity issue affects versions 5.9.0 and 5.9.1 and allows contributor-level users and above to insert malicious JavaScript into WordPress posts. Because this is a security release, it is recommended that you update your sites immediately. Note that, to avoid website crashes and ensure timely security updates, it is best to use our WordPress Maintenance Service.

WordPress < 5.9.2 – Prototype Pollution in jQuery

The jQuery library used in WordPress is affected by a Prototype Pollution issue.

WordPress (5.9-5.9.1) / Gutenberg (9.8.0-12.7.1) – Contributor+ Stored Cross-Site Scripting

Post authors are able to bypass KSES restrictions in WordPress >= 5.9 (and/or Gutenberg >= 9.8.0) due to the order in which filters are executed, which could allow them to perform Stored Cross-Site Scripting attacks.

WordPress < 5.9.2 / Gutenberg < 12.7.2 – Prototype Pollution via Gutenberg’s wordpress/url package

The @wordpress/url package used in WordPress and the Gutenberg plugin is affected by a Prototype Pollution issue.


