On September 30, 2025, WordPress 5.9.12 was released to the public.
Installation/Update Information
To get this version, update automatically from the Dashboard > Updates menu in your site’s admin area or visit https://wordpress.org/download/release-archive/.
For step-by-step instructions on installing and updating WordPress:
If you are new to WordPress, we recommend that you begin with the following:
- New To WordPress – Where to Start
- First Steps With WordPress or Upgrading WordPress Extended
- WordPress Lessons
Summary
Security updates
This release features 2 security fixes. Because this is a security release, it is recommended that you update your sites immediately.
The security team would like to thank the following people for responsibly reporting vulnerabilities, and allowing them to be fixed in this release:
- A data exposure issue where authenticated users could access some restricted content. Independently reported by Mike Nelson, Abu Hurayra, Timothy Jacobs and Peter Wilson.
- A cross-site scripting (XSS) vulnerability requiring an authenticated role that affects the nav menus. Reported by Phill Savage.
As a courtesy to users on older branches of WordPress, these fixes are available in branches of WordPress going back to WordPress 4.7.
Change log
List of files revised
/wp-admin/about.php
/wp-admin/js/customize-nav-menus.js
/wp-admin/js/nav-menu.js
/wp-includes/class-wp-customize-nav-menus.php
/wp-includes/customize/class-wp-customize-nav-menu-item-setting.php
/wp-includes/rest-api/endpoints/class-wp-rest-posts-controller.php
/wp-includes/rest-api/endpoints/class-wp-rest-terms-controller.php
/wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php
/wp-includes/version.php
List of packages revised
No package was revised.