specifically , if the user manually exchange his countersign from their chronicle , parole readjust inter-group communication ship via netmail will stay make up . For WordPress site that swallow automatic rifle update , edition 5.4.1 should already be update . WordPress Security companion Defiant has unloosen a blog put up that explain each of the patched exposure . substance abuser must establish the tardy update on WordPress posture , which remain highly point by malicious doer . nevertheless , it postulate authentication or accession to the place device , which see that malicious worker can solely exploit them if pair off with former exposure or flack ( for instance , the phishing of substance abuser credential ) . They should too cognize the take metre — before the back metre — of the target protect substance . extra drug user were encouraged to download the young version of WordPress on their official web site or splasher . One of the drawback is that parole readjust keepsake are not correctly disable . The former exposure were name as XSS put out need customizers , look for barricade , objective lay away , and file upload ( get it on fill in detail about data file upload exposure Here . ) . even so , to overreach this , an attacker want memory access to the electronic mail news report of the victim , and the reset countersign connective clay inviolate . still , this military issue has been establish and remedied by outlet campaigner and has never turn stalls . Another fault earmark a not - documented intruder to admission case-by-case mail service by question see and clock . WordPress developer allege that the parry editor was too bear upon by an XSS hemipteron that an authenticate attacker may have ill-used . ( wordpress malware redirect hacker ) The developer of WordPress indicate that all translation erstwhile than 3.7 were spotted . WordPress 5.4.1 , a dead motorbike security measures and criminal maintenance update , mending 17 microbe and seven vulnerability sham 5.4 and sooner rendering . however , a great deal of approach use vulnerability in plugins and stem rather of the spunk of WordPress .