Title: Version 5.8.6
Author: Jb Audras
Published: October 17, 2022

---

# Version 5.8.6

## In this article

 * [Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#installation-update-information)
 * [Summary](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#summary)
 * [Security updates included in this release](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#security-updates-included-in-this-release)
 * [Credits](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#credits)
 * [List of updated packages](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#list-of-updated-packages)
 * [List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#list-of-files-revised)

[ Back to top](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#wp--skip-link--target)

On October 17, 2022, WordPress 5.8.5 was released to the public.

## 󠀁[Installation/Update Information](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#installation-update-information)󠁿

To get this version, update automatically from the Dashboard > Updates menu in your
site’s admin area or visit [https://wordpress.org/download/release-archive/](https://wordpress.org/download/release-archive/).

For step-by-step instructions on installing and updating WordPress:

 * [Updating WordPress](https://wordpress.org/documentation/article/updating-wordpress/)

If you are new to WordPress, we recommend that you begin with the following:

 * [New To WordPress – Where to Start](https://wordpress.org/support/article/new_to_wordpress_-_where_to_start/?output_format=md)
 * [First Steps With WordPress](https://wordpress.org/support/article/first-steps-with-wordpress/?output_format=md)
   or [Upgrading WordPress Extended](https://wordpress.org/documentation/article/upgrading-wordpress-extended-instructions/)
 * [WordPress Lessons](https://wordpress.org/support/article/wordpress-lessons/?output_format=md)

## 󠀁[Summary](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#summary)󠁿

## 󠀁[Security updates included in this release](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#security-updates-included-in-this-release)󠁿

The security team would like to thank the following people for responsibly reporting
vulnerabilities, and allowing them to be fixed in this release.

 * Stored XSS via wp-mail.php (post by email) – Toshitsugu Yoneyama of Mitsui Bussan
   Secure Directions, Inc. via JPCERT
 * Open redirect in `wp_nonce_ays` – [devrayn](https://hackerone.com/devrayn)
 * Sender’s email address is exposed in wp-mail.php – Toshitsugu Yoneyama of Mitsui
   Bussan Secure Directions, Inc. via JPCERT
 * Media Library – Reflected XSS via SQLi – Ben Bidner from the WordPress security
   team and Marc Montpas from Automattic independently discovered this issue
 * CSRF in wp-trackback.php – Simon Scannell
 * Stored XSS via the Customizer – Alex Concha from the WordPress security team
 * Revert shared user instances introduced in [50790](https://core.trac.wordpress.org/changeset/50790)–
   Alex Concha and Ben Bidner from the WordPress security team
 * Stored XSS in WordPress Core via Comment Editing – Third-party security audit
   and Alex Concha from the WordPress security team
 * Data exposure via the REST Terms/Tags Endpoint – Than Taintor
 * Content from multipart emails leaked – [Thomas Kräftner](https://profiles.wordpress.org/kraftner)
 * SQL Injection due to improper sanitization in `WP_Date_Query` – [Michael Mazzolini](https://www.gold-network.ch)
 * RSS Widget: Stored XSS issue – Third-party security audit
 * Stored XSS in the search block – Alex Concha of the WP Security team
 * Feature Image Block: XSS issue – Third-party security audit
 * RSS Block: Stored XSS issue – Third-party security audit
 * Fix widget block XSS – Third-party security audit

## 󠀁[Credits](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#credits)󠁿

This release was led by Alex Concha ([@xknown](https://profiles.wordpress.org/xknown)),
Peter Wilson ([@peterwilsoncc](https://profiles.wordpress.org/peterwilsoncc)), Jb
Audras ([@audrasjb](https://profiles.wordpress.org/audrasjb)), and Sergey Biryukov(
[@SergeyBiryukov](https://profiles.wordpress.org/SergeyBiryukov)).

The release would not have been possible without the contributions of the following
people. Their asynchronous coordination to deliver several fixes into a stable release
is a testament to the power and capability of the WordPress community.

[@audrasjb](https://profiles.wordpress.org/audrasjb), [@costdev](https://profiles.wordpress.org/costdev),
[@cu121](https://profiles.wordpress.org/cu121), [@dd32](https://profiles.wordpress.org/dd32),
[@davidbaumwald](https://profiles.wordpress.org/davidbaumwald), [@ehtis](https://profiles.wordpress.org/ehtis),
[@johnbillion](https://profiles.wordpress.org/johnbillion), [@johnjamesjacoby](https://profiles.wordpress.org/johnjamesjacoby),
[@martinkrcho](https://profiles.wordpress.org/martinkrcho), [@matveb](https://profiles.wordpress.org/matveb),
[@oztaser](https://profiles.wordpress.org/oztaser), [@paulkevan](https://profiles.wordpress.org/paulkevan),
[@peterwilsoncc](https://profiles.wordpress.org/peterwilsoncc),[@ravipatel](https://profiles.wordpress.org/ravipatel),
[@SergeyBiryukov](https://profiles.wordpress.org/SergeyBiryukov), [@talldanwp](https://profiles.wordpress.org/talldanwp),
[@timothyblynjacobs](https://profiles.wordpress.org/timothyblynjacobs), [@tykoted](https://profiles.wordpress.org/tykoted),
[@voldemortensen](https://profiles.wordpress.org/voldemortensen), [@vortfu](https://profiles.wordpress.org/vortfu),
and [@xknown](https://profiles.wordpress.org/xknown).

## 󠀁[List of updated packages](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#list-of-updated-packages)󠁿

    ```wp-block-preformatted
    COMING SOON…
    ```

## 󠀁[List of Files Revised](https://wordpress.org/documentation/wordpress-version/version-5-8-6/?output_format=md#list-of-files-revised)󠁿

    ```wp-block-preformatted
    COMING SOON…
    ```

First published

October 17, 2022

Last updated