Today, April 15th, 2021, WordPress released version 5.7.1, a security and maintenance release that reportedly patches two security vulnerabilities.
The WordPress release announcement lists the following two security vulnerabilities as being patched in version 5.7.1:
Thank you SonarSource for reporting an XXE vulnerability within the media library affecting PHP 8. Thanks Mikael Korpela for reporting a data exposure vulnerability within the REST API.
Let’s take a closer look at these vulnerabilities and see what other information we can find out about them.