/home/cp181240/mail/new/1684304716.M664490P89708.cpanel10wh.bkk1.cloud.z.com,S=2502,W=2549
Envelope-to: cp181240@cpanel10wh.bkk1.cloud.z.com
Delivery-date: Wed, 17 May 2023 13:25:16 +0700
To: cp181240@cpanel10wh.bkk1.cloud.z.com
Subject: [Installatron] WordPress 6.2.1 now available (security release)
Date: Wed, 17 May 2023 13:25:15 +0700
From: root@cpanel10wh.bkk1.cloud.z.com
Message-ID: <fb49c004d42e1a314c0772adcb788e06@cpanel10wh.bkk1.cloud.z.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This is an automated email from Installatron. To unsubscribe from these emails or to change notification settings, login to your web hosting control panel, navigate to the Installatron tool, and select the installed applications you wish to modify.

An update to WordPress 6.2.1 (security release) is now available for the WordPress installations you are managing using Installatron. The following can be updated:

- https://grillshack.mystric.com


The changes for this version are:

This minor release features 20 bug fixes in Core and 10 bug fixes for the block editor. This release also features several security fixes. 

Security
* Block themes parsing shortcodes in user generated data; thanks to Liam Gladdy of WP Engine for reporting this issue
* A CSRF issue updating attachment thumbnails; reported by John Blackbourn of the WordPress security team
* A flaw allowing XSS via open embed auto discovery; reported independently by Jakub Żoczek of Securitum and during a third party security audit
* Bypassing of KSES sanitization in block attributes for low privileged users; discovered during a third party security audit.
* A path traversal issue via translation files; reported independently by Ramuel Gall and during a third party security audit.

Login to your web hosting control panel and navigate to the Installatron tool to update your installed applications.

End of report.