Title: Version 5.4.2
Author: Jb Audras
Published: June 10, 2020

---

# Version 5.4.2

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#summary)
    - [Security updates](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#security-updates)
    - [Maintenance updates](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#maintenance-updates)
 * [Notes for developers](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#notes-for-developers)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#list-of-files-revised)
 * [Updated packages](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#updated-packages)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#wp--skip-link--target)

On June 10, 2020, WordPress 5.4.2 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#installation-update-information)󠁿

To download WordPress 5.4.2, update automatically from the Dashboard > Updates menu
in your site’s admin area or visit [WordPress releases archive](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/documentation/article/new_to_wordpress_-_where_to_start/)
 * [First Steps With WordPress](https://wordpress.org/documentation/article/first-steps-with-wordpress/)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/documentation/article/wordpress-lessons/)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#summary)󠁿

### 󠀁[Security updates](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#security-updates)󠁿

Five security issues affect WordPress versions 5.4 and earlier; version 5.4.2 fixes
them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also
updated versions of 5.3 and earlier that fix the security issues.

 * Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated
   users with low privileges are able to add JavaScript to posts in the block editor
 * Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated
   users with upload permissions are able to add JavaScript to media files.
 * Props to Ben Bidner of the WordPress Security Team for finding an open redirect
   issue in _wp\_validate\_redirect()_
 * Props to [Nrimo Ing Pandum](http://apapedulimu.click/) for finding an authenticated
   XSS issue via theme uploads
 * Props to [Simon Scannell of RIPS Technologies](https://blog.ripstech.com/authors/simon-scannell)
   for finding an issue where _set-screen-option_ can be misused by plugins leading
   to privilege escalation
 * Props to [Carolina Nymark](https://profiles.wordpress.org/poena/) for discovering
   an issue where comments from password-protected posts and pages could be displayed
   under certain conditions.

### 󠀁[Maintenance updates](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#maintenance-updates)󠁿

WordPress 5.4.2 features [22 bug and regression fixes](https://core.trac.wordpress.org/query?status=closed&milestone=5.4.2&group=status&col=id&col=summary&col=status&col=milestone&col=owner&col=type&col=priority&col=component&col=focuses&col=keywords&order=priority)
on both core and default themes.

 * [49956](https://core.trac.wordpress.org/ticket/49956) – Spammers able to share
   unmoderated comments **(see related devnote below)**
 * [49749](https://core.trac.wordpress.org/ticket/49749) – Registering rest routes
   with a slash-prefixed namespace give inconsistent results
 * [49798](https://core.trac.wordpress.org/ticket/49798) – Default WordPress favicon
   in dark mode browsers
 * [49808](https://core.trac.wordpress.org/ticket/49808) – WordPress 5.4: Deprecated:
   tag_row_actions is deprecated since version 3.0.0
 * [50121](https://core.trac.wordpress.org/ticket/50121) – About page: correcting
   the order of headings
 * [50131](https://core.trac.wordpress.org/ticket/50131) – Absent custom favicon
   triggers wp-admin .htaccess/.htpasswd prompt on frontend in FIrefox
 * [49353](https://core.trac.wordpress.org/ticket/49353) – button padding issue 
   in edit plug on small device
 * [37926](https://core.trac.wordpress.org/ticket/37926) – Twenty Eleven & Twenty
   Twelve: Dropdown category widget exceeds parent div when strings are long enough
 * [45865](https://core.trac.wordpress.org/ticket/45865) – Twenty Nineteen: Consider
   decreasing the font size for widget titles
 * [48803](https://core.trac.wordpress.org/ticket/48803) – Twenty Twenty: Custom
   post type that doesn’t support author, shows author
 * [48916](https://core.trac.wordpress.org/ticket/48916) – Twenty Twenty: anchor
   links don’t work in mobile menu
 * [49088](https://core.trac.wordpress.org/ticket/49088) – Twenty Twenty: Add icon
   for g.page links (Google business profile)
 * [49316](https://core.trac.wordpress.org/ticket/49316) – Twenty Twenty missed 
   license for images.
 * [49320](https://core.trac.wordpress.org/ticket/49320) – Twenty Twenty: aligncenter
   >figcaption missing text-align: center; feature
 * [49322](https://core.trac.wordpress.org/ticket/49322) – Twenty Twenty: Submenu
   items disappear underneath the Cover block
 * [49435](https://core.trac.wordpress.org/ticket/49435) – Twenty Twenty: inconsistent
   top and bottom margins for .alignwide and .alignfull on Chrome vs Safari (cross
   browser issue)
 * [49699](https://core.trac.wordpress.org/ticket/49699) – Twenty Nineteen: Center-
   and right-aligned heading accents appear broken
 * [49793](https://core.trac.wordpress.org/ticket/49793) – Twenty Twenty: Images
   in list blocks are not positioned correctly
 * [49893](https://core.trac.wordpress.org/ticket/49893) – TwentyTwenty: TikTok 
   and ResearchGate Social Icons
 * [49932](https://core.trac.wordpress.org/ticket/49932) – Small Typo in Twenty-
   Twenty

**Thank you to everyone who contributed to WordPress 5.4.2:**

[Andrea Fercia](https://profiles.wordpress.org/afercia/), [argentite](https://profiles.wordpress.org/argentite/),
[M Asif Rahman](https://profiles.wordpress.org/asif2bd/), [Jb Audras](https://profiles.wordpress.org/audrasjb/),
[Ayesh Karunaratne](https://profiles.wordpress.org/ayeshrajans/), [bdcstr](https://profiles.wordpress.org/bdcstr/),
[Delowar Hossain](https://profiles.wordpress.org/delowardev/), [Rob Migchels](https://profiles.wordpress.org/dhrrob/),
[donmhico](https://profiles.wordpress.org/donmhico/), [Emilie LEBRUN](https://profiles.wordpress.org/emlebrun/),
[finomeno](https://profiles.wordpress.org/finomeno/), [garethgillman](https://profiles.wordpress.org/garethgillman/),
[Giorgio25b](https://profiles.wordpress.org/giorgio25b/), [Gabriel Maldonado](https://profiles.wordpress.org/gma992/),
[Hector F](https://profiles.wordpress.org/h71/), [Ian Belanger](https://profiles.wordpress.org/ianbelanger/),
[Mathieu Viet](https://profiles.wordpress.org/imath/), [Javier Casares](https://profiles.wordpress.org/javiercasares/),
[Joe McGill](https://profiles.wordpress.org/joemcgill/), [jonkolbert](https://profiles.wordpress.org/jonkolbert/),
[Jono Alderson](https://profiles.wordpress.org/jonoaldersonwp/), [Joy](https://profiles.wordpress.org/joyously/),
[Tammie Lister](https://profiles.wordpress.org/karmatosed/), [Kjell Reigstad](https://profiles.wordpress.org/kjellr/),
[KT](https://profiles.wordpress.org/kthmd/), [markusthiel](https://profiles.wordpress.org/markusthiel/),
[Mayank Majeji](https://profiles.wordpress.org/mayankmajeji/), [Mel Choyce-Dwan](https://profiles.wordpress.org/melchoyce/),
[mislavjuric](https://profiles.wordpress.org/mislavjuric/), [Mukesh Panchal](https://profiles.wordpress.org/mukesh27/),
[Nikhil Bhansi](https://profiles.wordpress.org/nikhilbhansi/), [oakesjosh](https://profiles.wordpress.org/oakesjosh/),
[Dominik Schilling](https://profiles.wordpress.org/ocean90/), [Arslan Ahmed](https://profiles.wordpress.org/passoniate/),
[Peter Wilson](https://profiles.wordpress.org/peterwilsoncc/), [Carolina Nymark](https://profiles.wordpress.org/poena/),
[Stephen Bernhardt](https://profiles.wordpress.org/sabernhardt/), [Sam Fullalove](https://profiles.wordpress.org/samful/),
[Alain Schlesser](https://profiles.wordpress.org/schlessera/), [Sergey Biryukov](https://profiles.wordpress.org/sergeybiryukov/),
[skarabeq](https://profiles.wordpress.org/skarabeq/), [Toni Viemerö](https://profiles.wordpress.org/skithund/),
[suzylah](https://profiles.wordpress.org/suzylah/), [Timothy Jacobs](https://profiles.wordpress.org/timothyblynjacobs/),
[TeBenachi](https://profiles.wordpress.org/utz119/), [Jake Spurlock](https://profiles.wordpress.org/whyisjake/)
and [yuhin](https://profiles.wordpress.org/yuhin/).

For more information, [browse the full list of changes on Trac](https://core.trac.wordpress.org/query?status=closed&milestone=5.4.2&group=status&col=id&col=summary&col=status&col=milestone&col=owner&col=type&col=priority&col=component&col=focuses&col=keywords&order=priority).

## 󠀁[Notes for developers](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#notes-for-developers)󠁿

> [WordPress 5.4.2: Prevent unmoderated comments from search engine indexation](https://make.wordpress.org/core/2020/06/09/wordpress-5-4-2-prevent-unmoderated-comments-from-search-engine-indexation/)

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    wp-admin/about.php
    wp-admin/themes.php
    wp-admin/css/common.css
    wp-admin/images/w-logo-blue.png
    wp-admin/includes/class-wp-site-health.php
    wp-admin/includes/class-wp-terms-list-table.php
    wp-admin/includes/media.php
    wp-admin/includes/misc.php
    wp-admin/includes/theme.php
    wp-content/themes/twentyeleven/style.css
    wp-content/themes/twentynineteen/sass/mixins/_mixins-master.scss
    wp-content/themes/twentynineteen/sass/site/secondary/_widgets.scss
    wp-content/themes/twentynineteen/style-editor.css
    wp-content/themes/twentynineteen/style-rtl.css
    wp-content/themes/twentynineteen/style.css
    wp-content/themes/twentytwelve/style.css
    wp-content/themes/twentytwenty/assets/js/index.js
    wp-content/themes/twentytwenty/classes/class-twentytwenty-svg-icons.php
    wp-content/themes/twentytwenty/inc/template-tags.php
    wp-content/themes/twentytwenty/readme.txt
    wp-content/themes/twentytwenty/style-rtl.css
    wp-content/themes/twentytwenty/style.css
    wp-content/themes/twentytwenty/template-parts/content-cover.php
    wp-content/themes/twentytwenty/template-parts/content.php
    wp-includes/class-walker-comment.php
    wp-includes/class-wp-comment-query.php
    wp-includes/class-wp.php
    wp-includes/comment-template.php
    wp-includes/comment.php
    wp-includes/default-filters.php
    wp-includes/embed.php
    wp-includes/functions.php
    wp-includes/images/w-logo-blue-white-bg.png
    wp-includes/pluggable.php
    wp-includes/rest-api.php
    wp-includes/version.php
    package-lock.json
    package.json
    wp-comments-post.php
    ```

## 󠀁[Updated packages](https://wordpress.org/documentation/wordpress-version/version-5-4-2/?output_format=md#updated-packages)󠁿

    ```wp-block-preformatted
    @wordpress/block-library: 2.4.7
    @wordpress/edit-post: 3.3.7
    ```

First published

June 10, 2020

Last updated