A heads up that some of your WordPress sites might be broken due to a new feature in WordPress 5.5 that was not announced:
The newly updated WordPress 5.5 contains a feature that prevents rogue plugins from taking over WordPress sites. The change allows a WordPress site to check if a plugin is legitimate or not and to block it from updating if it is flagged as blocked from updating.
If you are seeing users added to your WordPress install, this might be why:
Our team recently stumbled across an interesting example of malicious code used to add an arbitrary user inside WordPress.
The following code was detected at the bottom of the theme’s functions.php. It uses internal WordPress functions like wp_create_user() and add_role() to create a new user and elevate its role to “administrator:”
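A defensive check for the pattern described in the quoted write-up, added here as an example (not code from the original post or from the researchers): it flags theme functions.php files that both create a user and reference the administrator role. The regexes, the sample PHP strings and the wp-content/themes layout are assumptions; wp_insert_user and set_role are related WordPress core functions included alongside the two the write-up names.

```python
import re
from pathlib import Path

# Calls named in the quoted write-up, plus two related core functions (assumption).
CREATE_CALL = re.compile(r"\b(wp_create_user|wp_insert_user)\s*\(")
ROLE_CALL = re.compile(r"\b(add_role|set_role)\s*\(")
ADMIN_LITERAL = re.compile(r"""['"]administrator['"]""")

def scan_php(source):
    """Flag PHP text that both creates a user and references the administrator role."""
    creates, roles, admins = [], [], []
    lines = source.splitlines()
    for number, line in enumerate(lines, start=1):
        if line.strip().startswith(("//", "#", "*", "/*")):
            continue  # skip comment-only lines
        if CREATE_CALL.search(line):
            creates.append(number)
        if ROLE_CALL.search(line):
            roles.append(number)
        if ADMIN_LITERAL.search(line):
            admins.append(number)
    flagged = bool(creates and admins)
    # The write-up found the code at the bottom of the file; note hits in the last quarter.
    in_tail = flagged and creates[-1] > len(lines) * 0.75
    return {"flagged": flagged, "create_lines": creates,
            "role_lines": roles, "admin_lines": admins, "in_tail": in_tail}

def scan_themes(wp_root):
    """Scan every theme's functions.php under a WordPress root (standard layout assumed)."""
    hits = []
    for path in sorted(Path(wp_root).glob("wp-content/themes/*/functions.php")):
        result = scan_php(path.read_text(errors="replace"))
        if result["flagged"]:
            hits.append((str(path), result))
    return hits

# Constructed samples, not taken from the write-up.
CLEAN_SAMPLE = """<?php
function theme_setup() {
    add_theme_support('title-tag');
}
add_action('after_setup_theme', 'theme_setup');
"""
SUSPICIOUS_SAMPLE = CLEAN_SAMPLE + """// constructed lines imitating the described pattern
$id = wp_create_user($login, $pass, $mail);
add_role('administrator', 'Administrator', $caps);
"""

if __name__ == "__main__":
    print(scan_php(CLEAN_SAMPLE)["flagged"], scan_php(SUSPICIOUS_SAMPLE))
```

A hit is a prompt for manual review, not proof of compromise: compare the flagged file against a clean copy of the theme and check the user list for accounts nobody created.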
Time to check your plugins are compatible with this new maintenance update if you are on auto update:
WordPress 5.5.1 is now available!
This maintenance release features 34 bug fixes, 5 enhancements, and 5 bug fixes for the block editor. These bugs affect WordPress version 5.5, so you’ll want to upgrade.
You can download WordPress 5.5.1 directly, or visit the Dashboard → Updates screen and click Update Now. If your sites support automatic background updates, they’ve already started the update process.
WordPress 5.5.1 is a short-cycle maintenance release. The next major release will be version 5.6.
To see a full list of changes, you can browse the list on Trac, read the 5.5.1 RC1 and 5.5.1 RC2 posts, or visit the 5.5.1 documentation page.
Those using the File Manager plugin need to have a look at this:
Experts reported threat actors are increasingly targeting a recently addressed vulnerability in the WordPress plugin File Manager.
Researchers from WordPress security company Defiant observed a surge in the number of attacks targeting a recently addressed vulnerability in the WordPress plugin File Manager.
Those using the Discount Rules for WooCommerce WordPress plugin are encouraged to apply a third update to correct a flaw in the plugin:
Users of the Discount Rules for WooCommerce WordPress plugin are urged to apply a third and (hopefully) final patch.
E-commerce sites using the WordPress plugin Discount Rules for WooCommerce are being urged to patch two high-severity cross-site scripting flaws that could allow an attacker to hijack a targeted site. Two fixes for the flaws, first available on Aug. 22 and second on Sept. 2, failed to patch the problem.
A third round of patches for the bugs became available to customers on Sept. 9. On Thursday, the Wordfence Threat Intelligence researchers that were tipped off to the vulnerabilities publicly disclosed the flaws and offered a technical analysis....
This security and maintenance release features 14 bug fixes in addition to 10 security fixes. Because this is a security release, it is recommended that you update your sites immediately. All versions since WordPress 3.7 have also been updated.
WordPress 5.5.2 is a short-cycle security and maintenance release. The next major release will be version 5.6.
This maintenance release fixes an issue introduced in WordPress 5.5.2 which makes it impossible to install WordPress on a brand new website that does not have a database connection configured. This release does not affect sites where a database connection is already configured, for example, via one-click installers or an existing wp-config.php file.
5.5.3-alpha Issue
Earlier today — between approximately 15:30 and 16:00 UTC — the auto-update system for WordPress updated some sites from version 5.5.2 to version 5.5.3-alpha. This auto-update was due to an error in the Updates API caused by the 5.5.3 release preparations (see more here). The 5.5.3-alpha version at this point was functionally identical to 5.5.2 as no development work had been started on 5.5.3; however, the following changes may have been made to your site:
The default “Twenty” themes installed as part of the pre-release package.
The “Akismet” plugin installed as part of the pre-release package.
These themes and plugins were not activated and therefore remain non-functional unless you installed them previously. It is safe to delete these features should you prefer not to use them.
If you are not on 5.5.2, or have auto-updates for minor releases disabled, please manually update to the 5.5.3 version by downloading WordPress 5.5.3 or visiting Dashboard → Updates and click “Update Now.”
It has been a while but there is a new WordPress edition:
...WordPress 5.6 brings you countless ways to set your ideas free and bring them to life. With a brand-new default theme as your canvas, it supports an ever-growing collection of blocks as your brushes. Paint with words. Pictures. Sound. Or rich embedded media...
I think it was version 5.5 that broke some sites? Then, the fix was to add jQuery Migrate plugins to manage/fix the issue. I understand that 5.6 might be addressing this issue, but there are other issues with 5.6 that Wordfence people have identified.