Update to version 1.6.2. Includes fixes for CVE-2025-58066 (potential DoS in the ntpd-rs server) and CVE-2025-58160 (potential tracing log pollution).
Comment
WordPress 6.8.3 Release
Sep30
WordPress 6.8.3 is now available!
This is a security release that features two fixes.
Because this is a security release, it is recommended that you update your sites immediately.
You can download WordPress 6.8.3 from WordPress.org, or visit your WordPress Dashboard, click “Updates”, and then click “Update Now”. If you have sites that support automatic background updates, the update process will begin automatically.
The next major release will be version 6.9, which is planned for December 2nd, 2025.
For more information on WordPress 6.8.3, please visit the version page on the HelpHub site.
Security updates included in this release
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs, and Peter Wilson.
- A cross-site scripting (XSS) vulnerability requiring an authenticated user role that affects the nav menus. Reported by Phill Savage.
As a courtesy, these fixes have also been made available to all branches eligible to receive security fixes (currently through 4.7). As a reminder, only the most recent version of WordPress is actively supported.
Thank you to these WordPress contributors
This release was led by John Blackbourn.
In addition to the security researchers and release squad members mentioned above, WordPress 6.8.3 would not have been possible without the contributions of the following people:
Aaron Jorbin, Abu Hurayra, Adam Zieliński, Alex Concha, Andrei Draganescu, David Baumwald, Ehtisham Siddiqui, Ian Dunn, Jake Spurlock, Jb Audras, Joe Hoyle, John Blackbourn, Jon Surrell, Jonathan Desrosiers, Michael Nelson, Peter Wilson, Phill, Robert Anderson, Ryan McCue, Scott Reilly, Timothy Jacobs, vortfu, Weston Ruter
How to contribute
To get involved in WordPress core development, head over to Trac, pick a ticket, and join the conversation in the #core Slack channel. Need help? Check out the Core Contributor Handbook.
Props to Ehtisham Siddiqui, John Blackbourn, Paul Kevan, Jonathan Desrosiers, Aaron Jorbin, Weston Ruter for reviewing.
31.0.9 release RHBZ#2388493 RHBZ#2389830 RHBZ#2389831 RHBZ#2389842 RHBZ#2389843 RHBZ#2389814 RHBZ#2389815
31.0.9 release RHBZ#2388493 RHBZ#2389830 RHBZ#2389831 RHBZ#2389842 RHBZ#2389843 RHBZ#2389814 RHBZ#2389815
Open VM Tools could be made to run programs as an administrator.