A WordPress vulnerability allowed any user with an unprivileged account to bypass the password protection WordPress provides. Anonymous attackers are able to exploit this vulnerability and gain access to password-protected posts on websites where registration is open.
WordPress has released this update to address this key vulnerability along with other security issues in this version.
Other key issues addressed:
- Redirect bypass in the customizer
- Two different XSS problems via attachment names
- Revision history information disclosure
- oEmbed denial of service
- Unauthorized category removal from a post
- Password change via stolen cookie
- Some less secure sanitize_file_name edge cases
We recommend updating your WordPress version immediately. Feel free to reach out to us if you need any help with the update or with enhancements.